IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Saturday, 22 April

00:42

Distribution Release: Lubuntu 23.04 DistroWatch.com: News

The Lubuntu team have announced the launch of Lubuntu 23.04, an interim release which will receive nine months of updates. Several offered by the LXQt desktop: "Lubuntu previously used the PulseAudio audio system to provide rich....

00:39

Cosmic Antimatter Hints at Origins of Huge Bubbles in Our Galaxy's Center SoylentNews

The Fermi bubbles may have started life as jets of high-energy charged particles:

Bubbles of radiation billowing from the galactic center may have started as a stream of electrons and their antimatter counterparts, positrons, new observations suggest. An excess of positrons zipping past Earth suggests that the bubbles are the result of a burp from our galaxy's supermassive black hole after a meal millions of years ago.

For over a decade, scientists have known about bubbles of gas, or Fermi bubbles, extending above and below the Milky Way's center (SN: 11/9/10). Other observations have since spotted the bubbles in microwave radiation and X-rays (SN: 12/9/20). But astronomers still aren't quite sure how they formed.

A jet of high-energy electrons and positrons, emitted by the supermassive black hole in one big burst, could explain the bubbles' multi-wavelength light, physicist Ilias Cholis reported April 18 at the American Physical Society meeting.

In the initial burst, most of the particles would have been launched along jets aimed perpendicular to the galaxy's disk. As the particles interacted with other galactic matter, they would lose energy and cause the emission of different wavelengths of light.

Those jets would have been aimed away from Earth, so those particles can never be detected. But some of the particles could have escaped along the galactic disk, perpendicular to the bubbles, and end up passing Earth. "It could be that just now, some of those positrons are hitting us," says Cholis, of Oakland University in Rochester, Mich.

Read more of this story at SoylentNews.

00:36

WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003 Open Source Security

Posted by Carlos Alberto Lopez Perez on Apr 21

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003
------------------------------------------------------------------------

Date reported : April 21, 2023
Advisory ID : WSA-2023-0003
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2023-0003.html
WPE WebKit Advisory URL :...

00:30

Intel Updates Packaged Arc Graphics Driver For Ubuntu 22.04 LTS Phoronix

While Linux 6.2 supports Arc Graphics out-of-the-box and Mesa 23.1 has good OpenGL/Vulkan support, for those running Linux distributions on older kernels and Mesa packages there is less than ideal support -- either no support at all or having to resort to force-enabling the DG2/Alchemist support and potentially running on older OpenGL/Vulkan drivers with various problems. To ease the experience for those running Ubuntu 22.04 LTS, Intel has been module as well as updated Mesa packages...

00:09

US Facebook users can now claim their share of $725 million Cambridge Analytica settlement Graham Cluley

Were you a US-based Facebook user between May 24 2007 and December 22 2022? If so, I've got some good news for you. Read more in my article on the Hot for Security blog.

00:01

No wizardry needed to use Ansible's magic variable hostvars Linux.com

Get past the illusion of hostvars being difficult and begin using them in your playbooks, tasks, and roles.

Read More at Enable Sysadmin

The post No wizardry needed to use Ansible's magic variable hostvars appeared first on Linux.com.

00:00

This Week in Security: Spandex Tempest, Supply Chain Chain, and NTP Hackaday

Microsoft's Threat Intelligence group has announced a new naming scheme for threat actors. It sounds great, naming groups after weather phenomena, based on the group's motivations or nation of origin. Then each discrete group is given an additional adjective. That's where things get interesting.

It seems like the adjectives were chosen at random, giving rise to some suitably impressive names, like Ghost Blizzard, Ruby Sleet, or Granite Typhoon. Some of the other names sound like they should be desserts: Caramel Tsunami, Peach Sandstorm, Aqua Blizzard, or Raspberry Typhoon. But then there are the really special names, like Wine Tempest and Zigzag Hail. But the absolute winner is Spandex Tempest. No word yet on whether researchers managed to keep a straight face when approving that name.

Chrome 0-day Double

A pair of Chrome browser releases have been minted in the past week, both to address vulnerabilities that are actively being exploited. Up first was CVE-2022-2033, type confusion in the V8 JS engine. That flaw was reported by Google's Threat Analysis Group, presumably discovered in the wild,...


Friday, 21 April

23:55

[$] Designated movable (memory) blocks LWN.net

The concept of movable memory was initially designed for hot-pluggable memory on server-class systems, but it would now appear that this mechanism is finding a new use in consumer-electronics devices as well. The designated movable block patch set was first submitted by Doug Berger in September 2022. By adding more flexibility around the configuration and use of movable memory, this work will, it is hoped, improve how Linux performs on resource-constrained systems.

23:52

"Trusted publishers" on the Python Package Index LWN.net

The Python Package Index (PyPI) has, like many language-specific repositories, had ongoing problems with malicious uploads. PyPI is now launching an authentication mechanism called trusted publishers in an attempt to fight this problem.

Instead, PyPI maintainers can configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP). This allows PyPI to verify and delegate trust to that identity, which is then authorized to request short-lived, tightly-scoped API tokens from PyPI. These API tokens never need to be stored or shared, rotate automatically by expiring quickly, and provide a verifiable link between a published package and its source.

23:52

Pro-Russia hackers launched a massive attack against the EUROCONTROL agency Security Affairs

Pro-Russia hackers KillNet launched a massive DDoS attack against Europe's air-traffic agency EUROCONTROL.

Europe's air-traffic control agency EUROCONTROL announced that it was under attack from pro-Russian hackers.

The European Organisation for the Safety of Air Navigation pointed out that the attack had no impact on European air traffic control activities.

"Since 19 April, the EUROCONTROL website has been under attack by pro-Russian hackers. The attack is causing interruptions to the website and web availability. There has been no impact on European aviation," reads the statement published by the agency on its website.

The massive DDoS attack hit the website of the agency on April 19.

EUROCONTROL is an international organisation working to achieve safe and seamless air traffic management across Europe. The agency currently has 41 member states; the EU has delegated parts of its Single European Sky regulations to it, making it the central organisation for coordination and planning of air traffic control for all of Europe. The organisation works with national authorities, air navigation service providers, civil and military airspace users, airports, and other organisations.

A senior Eurocontrol official told The Wall Street Journal that the Pro-Russia hackers cannot access systems for aviation safety because these systems are air-gapped.

The official described the attack as heavy cyber battle with the hackers.

Experts believe that the attack was launched by the Pro-Russia hacking group Killnet as it had reportedly called to action against Eurocontrol via its Telegram channel.

23:46

Security updates for Friday LWN.net

Security updates have been issued by Debian (golang-1.11 and libxml2), Fedora (chromium, dr_libs, frr, ruby, and runc), Oracle (java-11-openjdk and java-17-openjdk), Red Hat (emacs, httpd and mod_http2, kpatch-patch, and webkit2gtk3), SUSE (libmicrohttpd, nodejs16, ovmf, and wireshark), and Ubuntu (kauth and patchelf).

23:26

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining The Hacker News

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack

22:50

Corsair 2 x 24GB DDR5-7000 Memory Linux Performance Phoronix

Corsair recently launched their line-up of 2 x 24GB DDR5 memory kits. With recent DDR5 memory prices falling, for as little as $215 USD it's now possible to obtain 48GB of DDR5-7000 RAM. With this being my first time testing a non-binary DDR5 memory kit, here is an initial look at the Corsair CMK48GX5M2B7000C40 compatibility and performance under Linux.

22:43

Digital Restrictions Management (DRM) Crushing Farmers Techrights

Video download link

Summary: The above LibrePlanet panel talk from one month ago speaks about repairs of farm equipment; the panel includes Sick Codes, Kevin Kenney, Elizabeth Chamberlain, and Paul Roberts. The video was uploaded by the FSF less than 3 days ago (slides here; PeerTube link); From the official page: Farmers large and small in the U.S. are being crushed under the thumb of BigAg equipment makers whose late model farm machinery combines sensors, always-on Internet connections, software and Digital Restrictions Management (DRM) to vacuum up and monetize proprietary farm data, while simultaneously preventing farmers from being able to service and repair their own equipment. Farmers who own late model equipment today are required to patronize authorized technicians at the expense of independent repair and are forced to pay astronomical prices for even routine maintenance. What's needed is a way to free farmers from the grip of these monopolies with free software and usurious OEM-operated software ecosystems. This panel will bring together experts on farming and farm equipment, embedded device security and policy (e.g. right to repair) to discuss ways to liberate farmers with free software.

Licence: CC BY SA 4.0

22:42

viogpu(4), a VirtIO GPU driver, added to -current OpenBSD Journal

Joshua Stein (jcs@) has committed viogpu(4), which provides support for the virtio(4) GPU interface (provided by QEMU and other virtual machines) to create a wscons(4) console.

CVSROOT:   /cvs
Module name:    src
Changes by:     jcs@cvs.openbsd.org     2023/04/20 13:28:31

Modified files:
        share/man/man4 : Makefile 
        sys/arch/amd64/conf: GENERIC 
        sys/arch/arm64/conf: GENERIC RAMDISK 
        sys/dev/pv     : files.pv virtio.c virtioreg.h 
        sys/dev/wscons : wsconsio.h 
Added files:
        share/man/man4 : viogpu.4 
        sys/dev/pv     : viogpu.c viogpu.h 

Log message:
add viogpu, a VirtIO GPU driver

works enough to get a console on qemu with more work to come from
others

feedback from miod
ok patrick

Great stuff! This moves us closer to having a fully functional wscons console on virtual machines in those specific environments too. We will be watching further development closely.

22:33

Distribution Release: Ubuntu Unity 23.04 DistroWatch.com: News

Rudra Saraswat has announced the availability of Ubuntu Unity "Ubuntu Unity 23.04 'Lunar Lobster' has now been released. It is the first distribution to ship Unity 7.7....

22:13

GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform The Hacker News

Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Dubbed GhostToken by Israeli cybersecurity startup Astrix Security, the shortcoming impacts all Google accounts, including enterprise-focused Workspace accounts. It

22:00

Rusticl With RadeonSI Driver Nearing OpenCL Conformance Phoronix

While the upcoming Mesa 23.1 stable release enables RadeonSI build support for Rusticl and is working out overall, the RadeonSI driver with this Rust-written OpenCL driver is nearing the point of officially passing OpenCL conformance...

21:51

Seagate Hit With $300 Million Fine for Shipping 7.4 Million HDDs to Huawei SoylentNews

U.S. government imposes record fine on Seagate for violating sanctions against Seagate:

Seagate has been hit with a massive $300 million fine by the U.S. Department of Commerce [PDF] for violating export control restrictions imposed on Huawei in 2020. The report shows that the U.S. Department of Commerce states that Seagate shipped millions of hard drives to Huawei in 2020-2021 and became the sole supplier of HDDs to the company while its rivals Toshiba and Western Digital refrained from working with the conglomerate.

Seagate shipped 7.4 million hard drives to Huawei on 429 occasions between August 2020 and September 2021 without obtaining an export license from the U.S. Department of Commerce's Bureau of Industry and Security. Those drives were worth around $1.104 billion back then, a significant sum for Seagate, whose revenue totaled $10.681 billion in 2021.

To settle the matter, Seagate has agreed to pay the $300 million fine in quarterly instalments of $15 million over five years starting in October 2023. The civil penalty of $300 million is more than double the estimated net profits that Seagate made from the alleged illegal exports to or involving Huawei, according to BIS. In fact, $300 million is a record fine for BIS.

"Today's action is the consequence: the largest standalone administrative resolution in our agency's history," said Matthew S. Axelrod, Assistant Secretary for Export Enforcement. "This settlement is a clarion call about the need for companies to comply rigorously with BIS export rules, as our enforcement team works to ensure both our national security and a level playing field."

Read more of this story at SoylentNews.

21:50

14 Kubernetes and Cloud Security Challenges and How to Solve Them The Hacker News

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first

21:10

Twitter Up in Flames (Like a Flaming Rocket) Techrights

2 years ago Freenode started dying, and it's deja vu all over again

Elon approves: I'll destroy it for 6 months; Then whine I am the victim

Summary: Twitter is making moves that destroy itself every single day or at least every single week; while the media obsesses over some blue NFTs there are vastly worse changes underway and underneath; Twitter is dismantling the very core of Twitter (to most users this isn't visible but it is profound)

The Techrights IRC network and our IRC community will turn 15 next month (the channel registration was in May 2008, albeit with a different name and under Freenode, i.e. a third party network). Over the years we've used more bots than we can remember. Some were developed by others, some were developed by us, and sometimes we modified other networks' programs. This diverse combination of programs gave us access, usually over API pipelines, to Twitter, Identi.ca, Fediverse etc. Those were like a fashion and the APIs too kept breaking. In 2018 Twitter shut many applications out of API access and last night Twitter took that a step further: it basically suspended lots and lots of applications to the point of breaking one of our bots. I've since then fixed the issue by surgically removing any connections to Twitter, but one can imagine that others were deeply dependent on such APIs and the traffic/activity at Twitter will nosedive.

Just before midnight last night I got the following E-mail message (there was a prior one dated earlier this month):

Application suspension notice

Hello,

This is a notice that your app IRC bot for techrights.org has been suspended from accessing the Twitter API. However, you can self-serve reactivate your app for free.

Please take the following steps to get your app quickly running again on the new Free or Basic plans available at developer.twitter.com:

1. Subscribe to either Free or Basic via our website.
2. When signing up, you will be able to pick 1 (Free) or 2 (Basic) apps that you want to remain active. They will be reactivated automatically after you complete your sign-up.
3. Please update the code in your app to use v2 endpoints - this is valid to all endpoints except for media upload endpoints which are not currently supported on v2 so you can continue to use those on v1.1.

We apologize for any inconveniences this transition m...

21:00

Getting The Most From Fading ThinkPads Hackaday

The ThinkPad line of laptops has been widely prized not only by businesses but also by those who appreciate a high standard of hardware quality and repairability. But some think the cracks are starting to form in their reputation, as it seems that new ThinkPads are sacrificing quality for aesthetics and cost. As a result a huge modding scene has popped up around models that are a few years old like [Cal] found out when working on this X230.

At first he only made some cosmetic improvements to the laptop like replacing the worn palm rest, but quickly found himself in a rabbit hole with other upgrades like swapping out the keyboard and battery. The new keyboard is a 7-row X220 keyboard, which required modification of the connector and flashing the embedded controller with a hacked image to change the keyboard map without needing to make changes at the OS level. From there, he decided to replace the lackluster screen with a 1920×1080 matte IPS panel using an adapter board from Nitrocaster, and finished off his upgrades with a customized Coreboot...

20:40

Intel's Game Plan For Getting The Xe Linux Kernel Graphics Driver Upstreamed Phoronix

For more than one year Intel's been working on developing the Xe Linux kernel graphics driver as a modern Direct Rendering Manager driver for Gen12 and newer integrated/discrete graphics. For recent hardware this is to replace the existing i915 kernel driver usage. The Intel open-source developers continue working toward the milestone of being able to submit this driver for mainlining in the upstream Linux kernel...

20:22

SETI and Signal Leakage: Where Do Our Transmissions Go? Centauri Dreams Imagining and Planning Interstellar Exploration

The old trope about signals from Earth reaching other civilizations receives an interesting twist when you ponder just what those signals might be. In his novel Contact, Carl Sagan has researchers led by Ellie Arroway discover an encrypted TV signal showing images from the Berlin Olympics in 1936. Thus returned, the signal announces contact (in a rather uncomfortable way). More comfortable is the old reference to aliens watching I Love Lucy episodes in their expanding cone of flight that began in 1951. How such signals could be detected is another matter.

I'm reminded of a good friend whose passion for classical music has caused him to amass a collection of recordings that rival the holdings of a major archive. John likes to compare different versions of various pieces of music. How did Beecham handle Delius' A Walk in the Paradise Garden as opposed to Leonard Slatkin? Collectors find fascination in such things. And one day John called me with a question. He was collecting the great radio broadcasts that Toscanini had made with the NBC Symphony Orchestra beginning in 1937. His question: Are they still out there somewhere?

Image: A screenshot of Arturo Toscanini from the World War II era film Hymn of the Nations, December, 1943. Credit: US Office of War Information.

John's collection involved broadcasts that had been preserved in recordings, of course, but he wanted to know if somewhere many light years away another civilization could be listening to these weekly broadcasts, which lasted (on Earth) until 1954. We mused on such things as the power levels of such signal leakage (not to mention the effect of the ionosphere on AM radio wavelengths!), and the fact that radio transmissions lose power with the square of distance, so that those cherished Toscanini broadcasts are now hopelessly scattered. At least John has the Earthly versions, having finally found the last missing broadcast, making a complete set for his collection.

Toscanini was a genius, and these recordings are priceless (John gave me the complete first year on a set of CDs; they've received a lot of play at my house). But let's play around with this a bit more, because a new paper from Reilly Derrick (UCLA) and Howard Isaacson (UC-Berkeley) tweaks my attention. The authors note that when it comes to the leakage of signals into space, a 5 MW UHF television picture has effective radiated power of 5 x 10^6 W and an effect...

20:12

Valve Lands Another Radeon Vulkan Performance Optimization For An "Upcoming Game" Phoronix

Yesterday just hours after writing about a RADV optimization by Valve for an "upcoming game" to nearly match the performance they see under Windows, another performance improvement for an "upcoming game" has been merged...

20:02

Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions Security Affairs

Cisco released security updates to address critical security flaws in its Industrial Network Director and Modeling Labs solutions.

Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling Labs solutions.

An attacker can exploit these vulnerabilities to inject arbitrary operating system commands or access sensitive data.

One of the issues tracked as CVE-2023-20036 (CVSS score: 9.9) resides in the web UI of the Cisco Industrial Network Director. An attacker can exploit the flaw to execute arbitrary commands with administrative privileges on the underlying operating system.

"A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device," reads the advisory. "This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device."

Cisco also addressed a file permissions vulnerability, tracked as CVE-2023-20039 (CVSS score: 5.5), that can allow an authenticated, local attacker to read application data.

"This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information," reads the advisory published by the company.

The IT giant addressed the flaws with the release of

The two flaws were reported to the company by an unnamed external researcher.

Cisco addressed a critical vulnerability, tracked as CVE-2023-20154 (CVSS score: 9.1), in the external authentication mechanism. An unauthenticated, remote attacker can trigger the issue to access the web interface with administrative privileges.

This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server....

20:00

SLOB Removal Submitted Ahead Of The Linux 6.4 Kernel Cycle Phoronix

With the Linux 6.3 kernel likely being released as stable on Sunday, pull requests have already begun to be submitted of feature code for the Linux 6.4 merge window...

19:56

FreeBSD Has A Great Start To 2023 With Numerous Accomplishments Phoronix

This week the FreeBSD project published their Q1-2023 status report that outlines various technical and organization accomplishments made for the past quarter...

19:55

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX The Hacker News

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software

19:21

Distribution Release: Edubuntu 23.04 DistroWatch.com: News

Amy Eickmeyer has announced the availability of Edubuntu 23.04, a brand-new release from the project that seeks to bring the freedom of the Linux desktop and the vast library of open source education software into the classroom. Edubuntu has been revived after a 9-year hiatus. The release announcement,....

19:06

This New Technology Could Blow Away GPT-4 and Everything Like It SoylentNews

The Hyena code is able to handle amounts of data that make GPT-style technology run out of memory and fail:

In a paper published in March, artificial intelligence (AI) scientists at Stanford University and Canada's MILA institute for AI proposed a technology that could be far more efficient than GPT-4 -- or anything like it -- at gobbling vast amounts of data and transforming it into an answer.

Known as Hyena, the technology is able to achieve equivalent accuracy on benchmark tests, such as question answering, while using a fraction of the computing power. In some instances, the Hyena code is able to handle amounts of text that make GPT-style technology simply run out of memory and fail.

"Our promising results at the sub-billion parameter scale suggest that attention may not be all we need," write the authors. That remark refers to the title of a landmark AI report of 2017, 'Attention is all you need'. In that paper, Google scientist Ashish Vaswani and colleagues introduced the world to Google's Transformer AI program. The transformer became the basis for every one of the recent large language models.

But the Transformer has a big flaw. It uses something called "attention," where the computer program takes the information in one group of symbols, such as words, and moves that information to a new group of symbols, such as the answer you see from ChatGPT, which is the output.

That attention operation -- the essential tool of all large language programs, including ChatGPT and GPT-4 -- has "quadratic" computational complexity (Wiki "time complexity" of computing). That complexity means the amount of time it takes for ChatGPT to produce an answer increases as the square of the amount of data it is fed as input.

At some point, if there is too much data -- too many words in the prompt, or too many strings of conversations over hours and hours of chatting with the program -- then either the program gets bogged down providing an answer, or it must be given more and more GPU chips to run faster and faster, leading to a surge in computing requirements.

In the new paper, 'Hyena Hierarchy: Towards Larger Convolutional Language Models', posted on the arXiv pre-print server, lead author Michael Poli of Stanford and his colleagues propose to replace the Transformer's attention function with something sub-quadratic, namely Hyena.

Read more of this story at SoylentNews.

18:00

Linux Server, Wakey, Wakey Hackaday

We all know we should save energy and not leave computers on all the time. It is probably better for the computer, too. But when you operate a home server, it isn't feasible to just turn it on when you want to use it and then turn it off again. Or is it? [Daniel] decided that was exactly what he wanted to do, and it was quite an adventure to get there.

The trick is to use a Raspberry Pi (they don't draw nearly the power a big computer does) to stay awake to facilitate the process. The Pi watches for ARP requests for the sleeping machine and replies on its behalf so that other network nodes can find the machine even when it isn't on.

The server itself detects if it is idle in a cron job. When it finds that there are no SSH or other service connections for a set period of time, it suspends the machine to RAM, putting it in a low-power mode. Waking a sleeping computer up over the network is a solved problem, and [Daniel] investigated several wake-on-lan solutions.

There were several oddities to work out, including a Mac pinging an unused network share, and a router that was making NetBIOS queries. However, [Daniel] found a $30 router that could do port mirroring and that helped a lot with troubleshooting.

This is one of those things where his recipe won't exactly fit your situation. But the post has a lot of good information and some nice tricks for troubleshooting any kind of network bizarreness.

...

17:46

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Christian Heinrich on Apr 21

Stig,

The responsibility for this fix is therefore with the maintainers of
the CPAN modules who accepted the residual risk as documented at
https://metacpan.org/pod/HTTP::Tiny#SSL-SUPPORT rather than HTTP::Tiny
itself.

17:44

Re: ncurses fixes upstream Open Source Security

Posted by Sevan Janiyan on Apr 21

Yes, there's a source dump mirror on github.
https://github.com/apple-oss-distributions/top

Sevan

17:05

Intro to phishing: simulating attacks to build resiliency Security Affairs

Phishing attacks are a major threat to organizations; they remain a perennial choice of cybercriminals when it comes to hacking their victims.

Original post at https://cybernews.com/security/phishing-intro-to-build-resiliency/

While organizations must still account for flashy vulnerability exploitations, denial-of-service campaigns, or movie-themed cyber-heists, phishing-based social engineering attacks remain a perennial choice of cybercriminals when it comes to hacking their victims.

Phishing-borne threats

IBM's 2022 Data Breach report highlighted how effective phishing-based attacks have become, being the second leading cause of cybersecurity incidents globally, by using a sample instance that affected hundreds of international entities.

An organization's access controls and security tools (for example, secure email gateways, network filtering mechanisms, SIEM, and so on) do not guarantee relative safety either, as several classes of social engineering platforms, reverse proxies, or man-in-the-middle (MitM) frameworks are fully capable of nullifying multifactor authentication (MFA) and other traditional security protections.

A 2022 analysis of several billion document attachments, website links, and email messages, by cybersecurity firm SlashNext, reflects a 60% increase in phishing-borne attacks that focus on the exploitation of user credentials via their mobile devices.

Email security provider Proofpoint's 2023 State of the Phish report reflects an ever-escalating financial loss attributed to phishing attacks but also highlights the importance of how appropriate end-user behavior greatly reduces organizational impacts arising from them.

This article will provide some insights into current phishing methods cyber-criminals leverage to exploit human behavior, performance metrics useful for measuring organizational resiliency to phishing, and examples of free tools that can be leveraged to conduct internal simulated phishing exercises.

Fresh tactics

Cybercriminals employ a blend of focused and indirect phishing methods to lure unsuspecting victims, which include targeted attacks crafted towards specific individuals or departments (spear phishing), attacks focused exclusively on high-value targets like business executives (whaling), or even tax-related schemes.

Hackers have shifted tactics recently, with a noted increase in not only telephone-oriented attack delivery (TOAD) campaigns but also conversation hijacking, a method where attackers first compromise an organization's downstream s...

17:00

Covid Doctor Who Left Hospital Job Has a Vision for Health Care Terra Forming Terra



It turns out that the backbone of the treatment of sepsis, Covid and yes circulatory disease is high doses of vitamin C. The rest is clearly helpful but mere stress, such as inflammation from low level scurvy is more than enough to put you on a death spiral unless checked by high doses of vitamin C.

The take home for us all, is that any form of sickness is resolved better with immediately adding vitamin C and I do mean working up to a heaping teaspoon of ascorbic acid. Even sprains and broken bones, for God's sake.

Obviously we all need to do this as I have been doing since 2005. There are other things we can add, but truth is that this and a proper diet and sunlight does it. It is amusing that our European farmers worked outside and ate plenty of sauerkraut in the winter. Sounds like a healthy plan.



Covid Doctor Who Left Hospital Job Has a Vision for Health Care




April 17, 2023

https://www.lewrockwell.com/2023/04/joseph-mercola/covid-doctor-who-left-hospital-job-has-a-vision-for-health-care/

Before the COVID pandemic, Dr. Paul Marik became well-known for his development of a highly effective...

Sliding Home With Flexible Design Can Open to Glass in Summer and Enclose for Cozy Winter Terra Forming Terra

 



Sort of worthwhile, but I do think that we are a long way from being technically comfortable with all this. A glass house like this is properly an arboretum and optimizing the interior will be a challenge.

I do think that we all like the idea and we are still stuck working with glass which is costly and now adding a sliding cover which is sure to be costly as well. Definitely a sport for the rich and famous.

I am more inclined to see a ring of town houses backing into a common arboretum that can be properly managed and even made seriously productive. Yet this still gives us the problem of using glass. Remember that the sun is a beast. This will only be properly solved with new tech.


Sliding Home With Flexible Design Can Open to Glass in Summer and Enclose for Cozy Winter 


-Apr 16, 2023


SWNS Kennedy News/dRMM

This $1 million sliding home might have the perfect solution for temperamental weather: it adapts to the changing seasons by exposing its glass structure in summer and closing back up for a cozy winter.

The unique three-bedroom property in the English countryside of Suffolk, is covered by a moving wooden casing that has been wowing house hunters since it went on the market April 5.

Footage shows the glass-fronted conservatory area sheltered by its innovative shell until the walls and roof slide backward to fully expose it to the sun.


The...

Plasma Self Forming electronics! Terra Forming Terra

 



Plasma Self Forming electronics.


Working through Robert Temple's new book on Plasma, we read that there is enough data to support the idea that plasma is self forming in terms of producing ordered electronic circuits and by extension this suggests that processors are also self forming. This is a conclusion that is a leap unless there is plenty of supportive data. We can see actual potential circuits and I also know that meditation has shown me a three dimensional grid of thin pipes closely spaced. So the framework is there for making such a leap.

Ball lightning also shows us activity that supports decision making. So maybe we just need to make the leap and accept that plasma all by itself is able to self compute. Considering it represents over ninety percent of all mass out there, it is time we really took it seriously.

I have also come to the conclusion that it is way more than we have wanted to think. After all we live in a gravity well and it is possible that its presence has been hidden by the matter we can detect and our numbers combine their separate effects.

I also conjecture that our conglomerates of NNPs out in space may just be able to spontaneously decay and produce space dust. The dust is there with any visible plasma and our elements come from somewhere and exploding stars is just not plausible. Such a decay would produce a stray photon which would elude detection and some neutrinos as well. And just why is there any dust out there at all? Gravity wells are one way.

The whole galaxy could be leaking hydrogen and dust which would be swept up by the stars and planets. Actual production of helium would help contract the volume and the assumption of element production inside a gravity well is untestable.

This is all speculation now, but we really do need to rethink how we can detect those NNPs.

The pleasant surprise for me is that my core conjecture relating to the physical operation...

Resolution of Depression and Dementia Terra Forming Terra

 



Resolution of Depression and Dementia


As my daughter develops more experience in applying a range of spiritual tools, she has so far eliminated dementia in one 93 year old woman and clearly ended years of depression for several victims, now best friends. We are now continuing to expand her reach and do want to work with other victims. No promises, of course, but no one else had touched these folks.

You may contact me for an introduction, but do plan to come to Vancouver. No one is conducting trials and what this is is a case of building up a number of demonstrations in order to understand its overall effectiveness. Obviously the indications are good.

Both these outcomes are actually a surprise and never the original intention. By the by, she is also able to query the other side for prescription resolution in which multiple choices exist but best choice for the patient in question is problematic. This has been done a number of times for friends.

I do think that we may actually be able to develop a new medical discipline out of all this which is readily proven and also trained up as well. The actual victims learn specific techniques that do the trick. This is trainable though the spiritual aspects, not so much perhaps.

We have nothing to say about other similar problems, but this is a new start for all of them.

The fact is that a new tool now exists and it looks promising.




16:49

Game of Trees 0.87 released OpenBSD Journal

Version 0.87 of Game of Trees has been released (and the port updated):

* got 0.87; 2023-04-19
  see git repository history for per-change authorship information
- add gitwrapper(1)
- tog: resume blame and diff search from the first line
- fix crash in got log due to NULL-deref in got_object_blob_close
- add support for protecting references against 'got send -f' to gotd
- fix spurious empty packfile error from gotd when rewinding a branch
- tog: implement automated test harness
- update the base commit ID of unmodified files if the blob ID matches
- fix rebase/histedit -a leaving some files on the temporary branch
- make 'got revert' and 'got rm' work on non-existent directories
- got: flush stdout before printing the error in main()
- when aborting rebase/histedit/merge, unlink files added by merged changes
- fix 'got commit' using a bad parent commit ID when worktree is out-of-date
- allow no-op merge commits to be created
- fix sending merge commits
- show how to fetch a pull request in got.1 pull request example section

A highlight of this release is the addition of gitwrapper(1), a utility facilitating co-existence with git.

16:45

Operation Anime: Full Scale of Anti-Piracy Crackdown Revealed in Japan TorrentFreak

An announcement by the Brazilian government in February revealed that the two biggest digital anime pirate sites in Brazil had been taken down in Operation 404 offshoot, Operation Anime.

The Ministry of Justice and Public Security said the objective was to repress crimes committed against intellectual property on the internet; more specifically, piracy of Japanese cartoons, better known as anime.

The Ministry of Justice reported that the operation received support from the Content Overseas Distribution Association (CODA), an anti-piracy group that protects anime content in Japan and overseas.

While no sites were named at the time, our initial report named Animes-Vision and AnimesOnline among the most likely candidates. We also suspected that the crackdown may have been broader than the authorities in Brazil had stated at the time, with Animeyabu and Animesbr among a growing list of sites apparently heading for the hills.

CODA Confirms True Scale of Operation Anime

For operational reasons, anti-piracy group CODA was unable to comment on the February crackdown as it was taking place, but it is able to do so now. Information made available to TorrentFreak shows that while two of the largest sites were indeed targeted, the scale of the operation went far beyond that.

From February to March 2023, several malicious piracy sites of Japanese anime in Brazil, including goyabu.com and animeyabu.com, were shut down due to accusations by CODA members, CODA reports.

These pirate sites were publishing Japanese anime with subtitles in Portuguese, the local language, on the Internet without the proper authorization from the rights holders.

Search in Brazil (Image courtesy of CODA)


As part of Brazil's Operation 404 anti-piracy initiative, Operation Animes was the first crackdown in Brazil against sites specializing in Japanese cartoons, targeted at a local audience. It's also the first time that CODA's members have filed a criminal referral against pirate sites focusing on an overseas market.

...

16:22

The EPA is Being Sued for Approving Cancer-Causing Plastic-Based Fuels SoylentNews

Proposed emissions from a Mississippi Chevron plant could raise locals' cancer risk by 250,000x the acceptable level and a community group is fighting back:

We need climate action. But just because something gets grouped under the umbrella of things that theoretically combat climate change doesn't mean it's actually good for the planet or people. In an alarming example, production of certain alternative "climate-friendly" fuels could lead to dangerous, cancer-causing emissions.

A Chevron scheme to make new plastic-based fuels, approved by the Environmental Protection Agency, could carry a 1-in-4 lifetime cancer risk for residents near the company's refinery in Pascagoula, Mississippi. A February joint report from ProPublica and the Guardian brought the problem to light. Now, a community group is fighting back against the plan, suing the EPA for approving it in the first place, as first reported by ProPublica and the Guardian in a follow-up report on Tuesday.

Cherokee Concerned Citizens, an organization that represents a ~130 home subdivision less than two miles away from Chevron's Pascagoula refinery, filed its suit to the Washington D.C. Circuit Court of Appeals on April 7. The petition demands that the court review and re-visit the EPA's rubber stamp of the Chevron proposal.

[...] Last year, the EPA greenlit Chevron's plan to emit some unnamed, truly gnarly, cancer-causing chemicals at a refinery in Pascagoula. The approval fell under an effort described as fast tracking the review of "climate-friendly new chemicals." Chevron proposed turning plastics into novel fuels, and the EPA hopped on board, in accordance with a Biden Administration policy to prioritize developing replacements for standard fossil fuels.

By opting to "streamline the review" of certain alternative fuels, the agency wrote it could help "displace current, higher greenhouse gas emitting transportation fuels," in a January 2022 press release. But also, through that "streamlining," the EPA appears to have pushed aside some major concerns.

...

15:55

Links 21/04/2023: FutureSQL 0.1.0 and Wine/Proton 8.0-1 Techrights

  • GNU/Linux

    • Desktop/Laptop

      • GamingOnLinux System76 launch multiple new powerful Linux laptops

        Not one, not two but three product announcements from System76 today as they're launching a range of new Linux powered laptops. First is the Serval WS that will be getting a refresh but they're also bringing back the Adder WS and the Bonobo WS.

        System76 said all of them can be configured with up to 64GB RAM, have at least a 144Hz display and up to 8TB of storage. In the case of the Serval WS it has a 165Hz screen, and the Bonobo WS can have up to 12TB of storage. So there's something that will hopefully fit...

15:41

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products The Hacker News

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of

15:21

Distribution Release: Xubuntu 23.04 DistroWatch.com: News

Sean Davis has announced the release of Xubuntu 23.04, the base Ubuntu system. This release revives the concept of a "minimal" Xfce system (formerly known as "Xubuntu Core"): "The Xubuntu team is happy to announce the immediate....

15:00

This One Simple Trick Rehabilitates Scratchy Sounding Speakers Hackaday

We've all picked up a radio and switched it on, only to hear an awful scratchy noise emitting from the speaker. [Richard Langer] is no stranger to this problem, and has identified a cheap and unusual solution: using toilet paper!

The cause of the scratchy sound is that when the speaker's paper cone warps, it can cause the voice coil to rub up against the magnet assembly. In time, this wears out insulation on the coil's turns, damaging the speaker. [Richard...

14:30

The staying power of shadow IT, and how to combat risks related to it Help Net Security

There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted access and that minimal adoption occurred without their knowledge. Those were the days when centralized IT was the norm, and the idea of business-led technology acquisition wasn't thought to be realistic. Not happening in my...

The post The staying power of shadow IT, and how to combat risks related to it appeared first on Help Net Security.

14:00

New infosec products of the week: April 21, 2023 Help Net Security

Here's a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. Zyxel SCR 50AXE boosts network security for small businesses and remote workers The feature-rich SCR 50AXE is a secure cloud-managed router that incorporates a business-class firewall, VPN gateway, WiFi 6E connectivity, and built-in subscription-free security to protect the network from threats including ransomware and malware. Cofense Protect+ defends...

The post New infosec products of the week: April 21, 2023 appeared first on Help Net Security.

13:34

Tencent Cloud Says It's Mass Producing Custom Video Chips SoylentNews

Chinese tech giant claims better performance than competing GPUs:

Chinese social media, cloud, and entertainment giant Tencent on Monday revealed that it has started mass production of a home brew video transcoding accelerator.

The announcement comes nearly two years after the company unveiled a trio of custom chips designed to accelerate everything from streaming video to networking and artificial intelligence workloads.

In a post published on WeChat, Tencent Cloud revealed that "tens of thousands" of its Canghai chips, which are designed to offload video encode/decode for latency sensitive workloads, have been deployed internally to accelerate cloud gaming and live broadcasting.

Tencent says the Canghai chip can be paired with GPUs from a variety of vendors to support low-latency game streaming. When used for video transcoding, Tencent said a single node equipped with Canghai can deliver up to 1,024 video channels. We'll note that Nvidia, with the launch of its L4 GPUs last month, made similar claims. Without real-world benchmarks, it's hard to say how either firm's claims stack up.

[...] When it comes to spinning custom chips to improve the efficiency and economics of cloud computing, Amazon Web Services gets a lot of credit. The American e-tail giant and cloud titan has developed everything from custom CPUs, AI training and inference accelerators, and smartNICs to offload many housekeeping workloads.

And while Google has developed an accelerator of its own, called the Tensor Processing Unit (TPU), most US cloud providers have largely stuck with commercially available parts from the likes of Intel, AMD, Ampere, Broadcom, or Nvidia, rather than designing their own.

However, in China, custom chips appear to be more prevalent, with development an imperative accelerated by US sanctions that mean some tech products can't be exported to the Middle Kingdom.



Read more of this story at SoylentNews.

13:30

Scammers using social media to dupe people into becoming money mules Help Net Security

Fraudsters are taking advantage of the widening fraud knowledge gap, outlining the urgent need for banks to educate and protect their customers with technology, according to Feedzai. The report reveals that while 56% of respondents have been a victim of a financial scam, many still lack the knowledge to detect and distinguish between the various types of financial crime. Consumers demand accountability Consequently, many consumers believe the responsibility for reimbursement lies with their bank, with...

The post Scammers using social media to dupe people into becoming money mules appeared first on Help Net Security.

13:00

Top three factors leading to burnout at work Help Net Security

47% of employees report feeling stressed in their everyday life, but nearly 70% believe their employer would support them in a time of need, according to Mercer Marsh Benefits. The report surveyed over 17,500 employees in 16 markets across the globe about their priorities when it comes to health and well-being, highlighting the voice of the employee so employers can better address their needs. Underlying causes of workplace stress When asked what factors put them...

The post Top three factors leading to burnout at work appeared first on Help Net Security.

12:35

Distribution Release: Ubuntu Studio 23.04 DistroWatch.com: News

Ubuntu Studio is a multimedia-focused community edition of Ubuntu. The project has published a new release, Ubuntu Studio 23.04, which offers nine months of support. The new version includes KDE Plasma 5.27 and the PipeWire audio server. The distribution also includes a new system installer: "Ubuntu Studio Installer....

12:30

Sotero Ransomware Protection encrypts data to prevent theft and extortion Help Net Security

Sotero has launched Sotero Ransomware Protection, giving organizations the ability to proactively protect unstructured data from attack by utilizing behavior-based detection. Most currently available ransomware solutions use a signature-based approach that detects only currently known ransomware strains, a method that broadly protects against malware concerns, but does not guarantee protection against zero-day attacks. Sotero's Ransomware Protection not only detects currently known ransomware, but also provides the ability to detect and protect data from zero-day...

The post Sotero Ransomware Protection encrypts data to prevent theft and extortion appeared first on Help Net Security.

12:25

Armorblox releases Graymail and Recon Attack Protection to stop malicious emails Help Net Security

Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks. This is in addition to the announcement of new capabilities across two main products of the Armorblox cloud-delivered email security and data loss prevention platform: Advanced Data Loss Prevention and Abuse Mailbox. The new capabilities are designed to enhance overall productivity across security teams by...

The post Armorblox releases Graymail and Recon Attack Protection to stop malicious emails appeared first on Help Net Security.

12:20

Cofense Protect+ defends mid-size organizations from cyber threats Help Net Security

Cofense has released Cofense Protect+, a fully integrated and automated email security solution specifically designed to protect mid-size organizations from ever-evolving cyber threats. Today's mid-market organizations are faced with growing attack surfaces and email threats that are increasing in complexity. A recent Cofense report highlighted a 569% increase in malicious phishing emails bypassing organizations' traditional email security controls in 2022. Coupled with limited resources and ongoing vendor consolidation, organizations in this market may not have...

The post Cofense Protect+ defends mid-size organizations from cyber threats appeared first on Help Net Security.

12:15

Bugcrowd's new self-serve PTaaS enable buyers to manage pen tests directly online Help Net Security

Bugcrowd has released new capabilities in its Penetration Testing as a Service (PTaaS) offering that enables buyers to purchase, set up, and manage pen tests directly online without a need for lengthy sales calls and scoping sessions. PTaaS is one of several solutions delivered on the Bugcrowd Security Knowledge Platform. Legacy pen test solutions are slow, nontransparent, and low impact, and other PTaaS providers deliver what are often shallow vulnerability assessments, with neither offering access to...

The post Bugcrowd's new self-serve PTaaS enable buyers to manage pen tests directly online appeared first on Help Net Security.

12:10

Concentric AI's DSPM solution identifies risk within sensitive data Help Net Security

Concentric AI will demonstrate the latest in autonomous data security at the RSA Conference 2023, including showcasing the deep learning-based Data Security Posture Management (DSPM) platform. Exhibiting in the RSA Conference, Concentric AI will demonstrate its Deep Learning-based DSPM and data classification platform, which autonomously discovers and classifies data, identifies risk within sensitive data, and creates policies to prevent data loss caused by oversharing or inappropriate use. The Concentric Semantic Intelligence solution features language models...

The post Concentric AI's DSPM solution identifies risk within sensitive data appeared first on Help Net Security.

12:00

Corelight expands AI usage across its portfolio to boost SOC efficacy Help Net Security

Corelight announced a broad expansion in the integration of AI technologies across its portfolio. AI is now used to detect a wider range of sophisticated attacks, to enrich security data with contextual insight, and to provide SOC analysts with new capabilities for understanding and reacting to security alerts. Corelight now offers a full range of advanced machine learning (ML) models across all form factors, from SaaS, to the network edge, to the datacenter. In addition...

The post Corelight expands AI usage across its portfolio to boost SOC efficacy appeared first on Help Net Security.

12:00

MRI Resolution Progresses From Millimeters to Microns Hackaday

Neuroscientists have been mapping and recreating the nervous systems and brains of various animals since the microscope was invented, and have even been able to map out entire brain structures thanks to other imaging techniques, with perhaps the most famous example being the 302-neuron brain of a roundworm. Studies like these advanced neuroscience considerably but even better imaging technology is needed to study more advanced neural structures like those found in a mouse or human, and this advanced MRI machine may be just the thing to help gain better understandings of these structures.

A research team led by Duke University developed this new MRI technology using an incredibly powerful 9.4 Tesla magnet and specialized gradient coils, leading to an image resolution an impressive six orders of magnitude higher than a typical MRI. The voxels in the image measure at only 5...

11:34

A Bunch of Mastodon Posts (from mstdn.social) Were Deleted for Fake News and Violent and Harassing, and I Was Finally Banned. Here's a Few. Techrights

Reprinted with permission from Ryan


These are actual examples of what I was shown as the reason behind the bans.

Making fun of CNN and TikTok, criticizing the law in Illinois, discussing that Facebook and Reddit are nasty and spy on people.

And insulting the King of Mstdn.social.


Disrespecting the moderator was a mild taunt regarding them being too dumb to figure out what fake news is despite me always citing the news from a place like NPR or CNN or something that I was referring to.

Don't use Mastodon. It's a waste of your time.

The servers are banning each other and it's turned into a bunch of nasty SJWs on one side and their counterparts, the Nazis and Child Pornographers on the other.

There's nowhere for an anti-dogmatic Atheist Left-Libertarian with a sense of humor.

Dogma traps people into beliefs that are absolutely insane. And they never justify those beliefs with any evidence. No, things have to be this way because they've always been that way.

Some people got together a long time ago, thousands of years before people understood anything, and when living to 30 made you a village elder, and decided it...

11:05

3CX Breach Was a Double Supply Chain Compromise Krebs on Security

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file.

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. 3CX says it has more than 600,000 customers and 12 million users in a broad range of industries, including aerospace, healthcare and hospitality.

3CX hired incident response firm Mandiant, which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER, a software package provided by Trading Technologies.

"This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack," reads the April 20 Mandiant report.

Mandiant found the earliest evidence of compromise uncovered within 3CX's network was through the VPN using the employee's corporate credentials, two days after the employee's personal computer was compromised.

"Eventually, the threat actor was able to compromise both the Windows and macOS build environments," 3CX said in an April 20 update on their blog.

Mandiant concluded that the 3CX attack...

10:48

3D-Printed Rocket Didn't Reach Orbit, but Relativity Space is Already Building its Successor SoylentNews

The company says it learned much from Terran-1's debut flight and is choosing to go bigger for its successor:

After its rocket failed to reach orbit last month, California-based Relativity Space doesn't want to dwell on the past. Instead, the company is leaping forward with its next launch vehicle, which promises to be bigger and better.

On Wednesday, Relativity Space announced its lessons learned from the launch of Terran-1, a 3D-printed, methane-fueled rocket that was set to break records on its first flight. The rocket took off from Cape Canaveral Space Force Station on March 22 but an engine failure prevented it from reaching orbit.

Shortly after its stage separation, the rocket engine did not reach full thrust, according to Relativity Space. The company shared key findings from the rocket anomaly, detailing that the engine's main valves opened slower than expected, preventing the propellant from reaching the thrust chamber in time.

Terran-1 is 85% 3D-printed by mass and it's also powered by a liquid methane-oxygen propellant known as methalox. [...]

[...] Unlike its predecessor, Terran-R is designed to be a much larger 3D printed, medium-to-heavy lift orbital launch vehicle capable of carrying 33.5 metric tons to orbit. The rocket's first stage will be outfitted with 13 3D-printed Aeon engines while its second stage will have a single methane-fueled engine.

Read more of this story at SoylentNews.

10:43

LibrePlanet Talk on JShelter for Browsing Securely, Presented by Libor Polčák Techrights

Summary: The above LibrePlanet talk by Libor Polčák was uploaded by the FSF (slides here; PeerTube link) 2.5 days ago; From the official page: The Web is used daily by billions. Even so, users are not protected from many threats by default. This presentation will introduce JShelter, a Webextension that helps in returning the browser to users. JShelter builds on top of previous Web privacy and security research. JShelter focuses on fingerprinting prevention, limitations of rich Web APIs, prevention of attacks connected to timing, and learning information about the computer, the browser, the user, and surrounding physical environment and location. JShelter provides a fingerprinting report and other feedback that can be used by future security research. Thousands of users around the world use the extension every day.

Licence: GFDL 1.3

10:02

Distribution Release: Ubuntu Cinnamon 23.04 DistroWatch.com: News

The Ubuntu Cinnamon project has published its eighth release and its first release as an official Ubuntu community edition. Ubuntu Cinnamon 23.04 offers nine months of support, ships with Cinnamon 5.6.7, and polishes the user interface. "The 23.04 release is Ubuntu Cinnamon's eighth release (I had to count).....

10:00

HPR3840: Playing the Original Civilization Hacker Public Radio

This game is pretty old, but I found that when I started a game recently to prepare for this episode that it was still as addictive as ever. I won't claim it is essential for everyone to run out and get it, but if you did happen to find a copy somewhere and play it, you might find you enjoy it. In this episode I give a few hints about getting started with this game. Links: https://civilization.fandom.com/wiki/Help_with_playing_Civ1#Choice_of_initial_city_site https://www.palain.com/gaming/sid-meiers-civilization/playing-the-original-civilization-hints/

09:06

Multinational ICICI Bank leaks passports and credit card numbers Security Affairs

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank's clients.

  • ICICI Bank, an Indian multinational valued at more than $76 billion, has more than 5,000 branches across India and is present in at least another 15 countries worldwide.
  • A misconfiguration of the bank's systems exposed millions of records with sensitive data.
  • Among the leaked data were bank account details, bank statements, credit card numbers, full names, dates of birth, home addresses, phone numbers, emails, personal identification documents, and employees' and candidates' CVs.
  • Cybernews contacted ICICI Bank and CERT-IN, and the company fixed the issue.

In 2022, ICICI Bank's resources were named a critical information infrastructure by the Indian government: any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured.

During the recent investigation, the Cybernews research team discovered that the bank leaked the sensitive data due to the misconfiguration of their systems.

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals.

Screenshot of leaked passport

Leaked personal data

On February 1, the Cybernews research team discovered a misconfigured and publicly accessible cloud storage Digital Ocean bucket with over 3.6 million files belonging to ICICI Bank. Files exposed sensitive data of the bank and its clients.

Among the leaked clients' data, there were bank account details, credit card numbers, full names, dates of birth, home addresses, phone numbers, and emails.

Screenshot of leaked bank statement

The bucket also stored files that revealed clients' passports, IDs, and Indian PANs (Indian taxpayer identification numbers). Bank statements and filled-in know-your-customer (KYC) forms were also leaked.

The leak affected the bank's staff as well, as CVs of current employees and job candidates were observed in the storage.

Company's response...

09:00

Mystery 1802 Computer Was a Homebrew Project Hackaday

[CelGenStudios] has an impressive collection of vintage hardware. One that really struck us came from a thrift store in Canada, so the original provenance of it is unknown. It looks like someone's handmade interpretation of a SOL-20. There's a wooden and sheet metal box containing a keyboard looted from an old dedicated word processor (back when a word processor was a machine, not a piece of software). Inside? Some vintage-looking hand-drawn PC boards, including a backplane with two boards. One contains an RCA 1802 and a little bit of memory. There's also a video card with more memory on it than the CPU.

We loved the 1802, and we disagree with [CelGenStudios] that it wasn't that popular. It was super popular in some areas. The CMOS processor was popular in spacecraft and among homebrew builders. There were a few reasons for that. Unlike some early CPUs, you didn't need much to bootstrap a system. It would run on 5V and had a DMA mode to key data in with just a few simple switches and buttons. You didn't need a ROM-based monitor to get the system to work. In addition, the design could be low power, and the static design meant you could slow or stop the clock for very low power compared to many other systems of the day.

Inside the box was also a tiny board that was a mystery. That is until he noticed that it had a connector that would fit a Commodore cassette deck. T...

08:46

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Matthew Fernandez on Apr 20

I hesitate to reply to this thread because I struggle to understand what
topic it has diverged into, but I just wanted to note that embedded
browsers configured to accept a single self-signed certificate are not
uncommon in corporate environments. Thus a (non-technical) end user may
be using a browser like this that has been configured for them by device
management. Whether this is a good design/idea, I leave to others'
judgement.

08:39

Re: PostgreSQL and CREATEROLE permission Open Source Security

Posted by Jeffrey Walton on Apr 20

I hope I did not misparse things when I sent the email. My apologies if I did.

Jeff

08:39

Rust 1.69 Released - No Longer Includes Debug Info In Build Scripts By Default Phoronix

Rust 1.69 is out today as the newest stable update to this increasingly popular programming language, which many open-source developers have become passionate about for its memory safety guarantees and other principles...

08:20

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root Security Affairs

VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product.

The virtualization giant VMware released security updates to address two critical vulnerabilities, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product (formerly vRealize Log Insight).

The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8) is a deserialization issue that can be exploited by an unauthenticated attacker with network access to VMware Aria Operations for Logs to execute arbitrary code as root.

The second vulnerability, tracked as CVE-2023-20865 (CVSSv3 base score of 7.2), is a command injection issue that can be exploited by an attacker with administrative privileges in Aria Operations for Logs to execute arbitrary commands as root. The flaw was reported to the company by Y4er & MoonBack of .


Pierluigi Paganini


08:03

Hearing Loss May Become Reversible. SoylentNews

Potentially good news for old machinists and over-the-hill heavy metal fans:

"Five years ago, a team of researchers at the University of Rochester Medical Center (URMC) was able to regrow cochlear hair cells in mice for the first time. These hair cells are found in the cochlear region of ears in all mammals. They sense sound vibrations, convert those into brain signals, and eventually allow a person to hear and understand the different sounds around them. The new study from URMC researchers sheds light on the underlying mechanism that allowed the ear hairs to regrow in mice."

"We know from our previous work that expression of an active growth gene, called ERBB2, was able to activate the growth of new hair cells (in mammals), but we didn't fully understand why. This new study tells us how that activation is happening, a significant advance toward the ultimate goal of generating new cochlear hair cells in mammals," said Patricia White, one of the study authors and a neuroscience professor at URMC."

https://www.zmescience.com/science/news-science/can-we-reverse-hearing-loss-yes-we-can-here-is-how-it-works/



07:44

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Steffen Nurpmeso on Apr 20

Jeffrey Walton wrote in
<CAH8yC8nYOGAsnPkm+f3-b7r4PvZ=QxeKT9DXK=MoFVoFDGav9w () mail gmail com>:
|On Thu, Apr 20, 2023 at 9:05AM Steffen Nurpmeso <steffen () sdaoden eu> \
|wrote:
|> Hanno Böck wrote in
|> <20230420073459.003a5be2.hanno () hboeck de>:
|>|On Wed, 19 Apr 2023 23:53:40 +0200
|>|Steffen Nurpmeso <steffen () sdaoden eu> wrote:
|>|> IMO it is no vulnerability at all since it has...

07:42

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Steffen Nurpmeso on Apr 20

David A. Wheeler wrote in
<A35F9CEA-C1F9-4D2B-8771-ED4EBA113B17 () dwheeler com>:
|>|Steffen Nurpmeso <steffen () sdaoden eu> wrote:
|>|> IMO it is no vulnerability at all since it has "always" been _very
|>|> clearly_ (even very lengthily) documented in the manual page.
|
|> Hanno Böck replied:
|>|A vulnerability does not go away if it's documented, and I find that a
|>|rather strange...

07:37

Distribution Release: Ubuntu Budgie 23.04 DistroWatch.com: News

The Ubuntu Budgie team have announced the availability of a new 2024. The new release features software from the GNOME 44 stack, standard release supported for....

07:23

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack Security Affairs

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job.

North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware.

The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers as the lure.

ESET researchers detailed the full attack chain that commences with spear-phishing or direct messages on LinkedIn delivering a ZIP file containing a fake HSBC job offer. The archive contains a native 64-bit Intel Linux binary written in Go and named HSBC job offer․pdf.

"Interestingly, the file extension is not .pdf. This is because the apparent dot character in the filename is a leader dot represented by the U+2024 Unicode character. The use of the leader dot in the filename was probably an attempt to trick the file manager into treating the file as an executable instead of a PDF," reads the analysis published by ESET. "This could cause the file to run when double-clicked instead of opening it with a PDF viewer."

Upon executing the file, the attackers display a decoy PDF to the user using xdg-open. The experts dubbed the ELF downloader OdicLoader; it fetches the second-stage backdoor SimplexTea from OpenDrive.

ESET researchers added that the analysis of recent attacks revealed similarities between artifacts used in the Dream Jo...

07:06

LWN.net

GNOME is, of course, a widely-used desktop environment for Linux systems; on March 22, the project released GNOME 44, settings panels, quick settings, the files application, and an updated file chooser with a grid view, among others. The full list of changes can be seen in the release notes available on the GNOME website.

07:00

Intel i219-LM Had Only Been Running At ~60% Of Maximum Speed Due To Linux Driver Bug Phoronix

If you rely on an Intel I219-LM Gigabit Ethernet adapter, you will want to look forward to upgrading your Linux kernel build soon... A fix was committed today after Intel engineers discovered this particular Ethernet chipset had only been running at around 60% of its maximum speed due to a regression introduced back in 2020...

06:20

YouTube Ripper Sends Cease and Desist to Google, Hoping to Stop DMCA Abuse TorrentFreak

The DMCA takedown process allows copyright holders to report infringing content and have it removed or taken down.

It is a powerful tool that takes millions of URLs and links offline every day. In most cases, this happens for a good reason, but some takedown efforts are questionable.

DMCA Takedown Abuse

In recent years there have been numerous examples of clear abuse and impersonations, as revealed through Google's transparency report. Abuse of the DMCA is prohibited by law and can result in legal action; Bungie's $7.7 million lawsuit against an alleged fraudster is one example.

Dubious or erroneous takedown notices are not harmless. Many millions of URLs have already been mistakenly flagged and in some cases the reported links were actually removed from Google's search results.

YTMP3.nu is one of the sites that sees itself as a victim of bogus takedown notices. The YouTube ripper is frequently targeted by music industry groups such as the BPI and RIAA, who accuse it of violating the DMCA's anti-circumvention provision. However, it also appears to be targeted by one or more competitors.

The site has spotted several questionable notices that urge Google to remove its URLs, without a proper basis. According to YTMP3.nu, this is the work of rivals who want to remove YTMP3 from search results, in order to improve their own ranking.

Cease and Desist

This activity has been a growing source of frustration for YTMP3.nu's operator. To put an end to the abuse, the YouTube ripper asked its lawyer to send a cease and desist and preservation demand to Google.

According to the letter, YTMP3.nu is willing to take legal action against the alleged fraudsters. In addition, it reserves the right to take further steps against Google if its demands are not met within the stated deadline.

"We write to you on behalf of Our Client because it appears that Google has become an unwitting tool used by third-parties to engage in fraudulent and unfair business practices that are causing Our Client significant damages," the letter starts.

"Our Client is prepared to take immediate legal action against these third parties and, unless Google...

06:00

Making Neon Trees The Easy Way With No Oven Pumps Required Hackaday

Neon lamps are fun and beautiful things. Hackers do love anything that glows, after all. But producing them can be difficult, requiring specialized equipment like ovens and bombarders to fill them up with plasma. However, [kcakarevska] has found a way to make neon lamps while bypassing these difficulties.

...

05:39

Re: PostgreSQL and CREATEROLE permission Open Source Security

Posted by Bernd Zeimetz on Apr 20

Hi,

really root? As I understand it you gain access to the DB superuser (usually
the postgres user) only. Although I could imagine that you could trick
careless admins into giving you root permissions on that way...

Bernd

05:14

Tech Employees Say They Were Being Paid to Do Nothing All Day SoylentNews

Big tech companies were apparently hiring workers to keep them from joining rival firms:

Many former employees at big tech companies are admitting that they had very little to do at their jobs, despite earning high salaries. One such under-worked and overpaid former tech worker is 33-year-old Madelyn Machado, who left Microsoft to join Facebook's parent company Meta as a recruiter in the fall of 2021.

In a viral TikTok video, Machado claimed she was hired for a $190,000 yearly salary, but had basically nothing to do during her stint at the company. "I do think a lot of these companies wanted there to be work, but there wasn't enough," she said. Talking to The Wall Street Journal, Machado said that on most days, her work included attending virtual meetings from noon until 3:30 pm before logging off for the day.

Curiously, Machado says she was told by her recruiters at Meta that she wouldn't be hiring anybody during her first year at the company. She also claims that some of her colleagues told her that they had spent two years at the company without ever hiring anyone. Unfortunately for her, she only worked for six months at Meta before being fired last year for posting TikTok videos that the company said posed a conflict of interest.


05:00

Distribution Release: Ubuntu 23.04 DistroWatch.com: News

Canonical has announced the launch of Ubuntu 23.04 which carries the codename Lunar Lobster. The new release receives nine months of support and features the GNOME 44 desktop. This release also introduces a new system installer with Subiquity replacing the old Ubiquity installer. "Astrologers will be excited to....

04:59

Farmers Crippled by Satellite Failure as GPS-Guided Tractors Grind to a Halt cryptogon.com

Via: The Sydney Morning Herald: Tractors have ground to a halt in paddocks across Australia and New Zealand because of a signal failure in the satellite farmers use to guide their GPS-enabled machinery, stopping them from planting their winter crop.

04:53

Google DeepMind cryptogon.com

Via: 9to5 Google: DeepMind is regarded to be one of the top machine learning and artificial intelligence research labs. After being an Alphabet company for the past several years, it's now being folded in to form Google DeepMind. The new unit encompasses DeepMind and the Brain team from Google Research. Collective accomplishments from the past [...]

04:30

AMD Posts New Linux Patches Enabling Dynamic Boost Control Phoronix

A new patch series from AMD today for the Linux kernel enables Dynamic Boost Control support that can be found with some Ryzen SoCs for tuning the processor for optimal performance...

04:18

PostgreSQL and CREATEROLE permission Open Source Security

Posted by Jeffrey Walton on Apr 20

Hi Everyone,

This information showed up on the pgsql-general mailing list at [1].
It appears a user with CREATEROLE can elevate to root through
pg_execute_server_program.[2]

It looks like PostgreSQL folks will be changing a recommendation and
modifying behavior at v16.[3] Here is the commit of interest: [4].
Changes will not be made for previously released versions of
PostgreSQL.[3]

PostgreSQL does not have a hardening guide. I would hate to...

04:10

Sedo is now a Browserling customer! catonmat.net

TLDR: Success!

It's another small step for a ling but one giant leap for ling-kind. See you next time!

04:01

Tidy Yr A Records Random Thoughts

The main point of blogging is so that I can google stuff on my blog instead of having to remember things. Remembering things suck! So this is a normal search for me:

But what are those results!? Download File Pdf Free Copy? HAS I BEEN HAXORED!?!

No, not really. I just had a DNS A record for new-lars.ingebrigtsen.no that I used during a previous migration of this blog from one host to another, and I had forgotten to remove it. It pointed to an IP address that was now occupied by some kind of spammy web farm (the links didn't actually lead to John Coltrane Transcriptions, but to some kind of SEO thing).

So I don't know whether it was a complete coincidence that the IP address was reused this way, or whether SEO spam people search out dangling A records and occupy them for some kind of SEO thing, but I'm guessing it's the former.

I've now removed the new-lars DNS entry, so hopefully Google will flush those entries in a while, and self-search becomes pleasant again for me.

04:01

CVE-2022-46365: Apache StreamPark (incubating): Logic error causing any account reset Open Source Security

Posted by Huajie Wang on Apr 20

Logic error causing any account reset in Apache StreamPark

Severity: Important

Versions Affected:

Apache StreamPark 1.0.0 before 2.0.0

Description:

When a user uses Apache StreamPark and successfully logs in, to
modify his profile, the username will be passed to the server-layer as
a parameter, but not verified whether the user name is the currently
logged user and whether the user is legal. This will allow malicious
attackers to send any...

04:00

Students Use Their Tech Know-How to Protect the Environment IEEE Spectrum



Climate change is a problem for communities around the world. To help find ways to address it through technology, EPICS in IEEE, in partnership with the United Engineering Foundation, launched the Environmental Competition last year.

According to the Natural Resources Defense Council, climate change contributes to severe weather events such as hurricanes, flooding, and tornadoes, as well as long-term drought and regularly occurring heat events in traditionally moderate climate zones.

The EPICS contest asked students and faculty at U.S. universities and colleges to use their engineering and technical skills to mitigate and address the impact of climate change in their communities. Of the 20 proposals submitted from eight institutions, 10 were approved and funded.

"The competition allows students to take an idea, a passion, and turn it from a simple prototype to a fully deployed solution," says Stephanie Gillespie, associate dean of the University of New Haven's engineering college, in Connecticut. Gillespie is the current EPICS in IEEE chair.

Service learning provides real-world experience

The student teams partnered with nonprofit organizations to learn how to make tangible impacts by developing technological solutions. Some teams are working on their projects as part of an engineering curriculum or a senior design project. Others are using their IEEE student branch to implement the projects.

"Being on a team with such a diverse collection of engineering disciplines really provides a well-rounded engineering experience," says Mitzu Walkifucazaki, a junior studying computer science at Arizona State University and a member of the group working on the...

03:59

CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Open Source Security

Posted by Huajie Wang on Apr 20

Apache StreamPark (incubating): Upload any file to any directory

Severity: low

Versions Affected:

Apache StreamPark 1.0.0 before 2.0.0

Description:

StreamPark allows any users to upload a jar as application, but there
is no mandatory verification of the uploaded file type, causing users
to upload some risky files, and may upload them to any directory.
Users of the affected versions should upgrade to Apache StreamPark
2.0.0 or later...

03:57

CVE-2022-45801: Apache StreamPark (incubating): LDAP Injection Vulnerability Open Source Security

Posted by Huajie Wang on Apr 20

Apache StreamPark (incubating): LDAP Injection Vulnerability

Severity: Moderate

Versions Affected:

Apache StreamPark 1.0.0 before 2.0.0

Description:

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.
LDAP Injection is an attack used to exploit web based applications
that construct LDAP statements based on user input. When an
application fails to properly sanitize user input, it's possible to
modify LDAP statements...

03:51

OpenSSL Security Advisory Open Source Security

Posted by Tomas Mraz on Apr 20

OpenSSL Security Advisory [20th April 2023]
===========================================

Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)
==============================================================================

Severity: Low

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM
platform contains a bug that could cause it to read past the input buffer,
leading to a crash.

Impact summary:...

03:46

Ubuntu 23.04 (Lunar Lobster) released LWN.net

The Ubuntu 23.04 release is out. Headline features include a new installer, GNOME 44, Azure Active Directory authentication, and more.

The newest Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, Ubuntu Unity, and Xubuntu are also being released today.

See the release notes for more information.

03:13

Intel Posts Linux Patches Enabling LASS KVM Support Phoronix

Back in January Intel engineers posted Linux patches for Linear Address Space Separation (LASS) as a feature being introduced with future Intel CPUs. Intel engineers today posted a set of patches extending that LASS support to the realm of KVM virtualization...

03:10

Comics Daze Random Thoughts

What? Another Comics Daze already? I dazed just a couple days ago, but my foot is still sprained, so I'm still on the couch, so I might as well get some reading done

The other day, my mentis wasn't all compos, so I just read mainstream comics. Which means that today, it's gonna be heavy on art comics, because that's what I've got left. Except that I got another shipment of comics yesterday, so it'll probably be more mixed

Many of the books I'll be reading today I've bought as a result of the wonderful Alternative Comics web site. I love the format, one post per book, so it's easy to use it as a basis for doing shopping. And I also like that they include interior pages: a cover tells me virtually nothing, but I can take a millisecond long glance at an interior page and say whether that's something I'm interested in reading. (The glance doesn't tell me if the book's good or not, of course, but just whether I'm interested in finding out.)

And music today: enough with the nostalgia already! New albums only! (Well, new to me, that is.)

Hieroglyphic Being: There Is No Acid In This House

...

02:28

Inside the Secret List of Websites That Make AI Like ChatGPT Sound Smart SoylentNews

Inside the secret list of websites that make AI like ChatGPT sound smart:

AI chatbots have exploded in popularity over the past four months, stunning the public with their awesome abilities, from writing sophisticated term papers to holding unnervingly lucid conversations.

Chatbots cannot think like humans: They do not actually understand what they say. They can mimic human speech because the artificial intelligence that powers them has ingested a gargantuan amount of text, mostly scraped from the internet.

This text is the AI's main source of information about the world as it is being built, and it influences how it responds to users. If it aces the bar exam, for example, it's probably because its training data included thousands of LSAT practice sites.

Tech companies have grown secretive about what they feed the AI. So The Washington Post set out to analyze one of these data sets to fully reveal the types of proprietary, personal, and often offensive websites that go into an AI's training data.

To look inside this black box, we analyzed Google's C4 data set, a massive snapshot of the contents of 15 million websites that have been used to instruct some high-profile English-language AIs, called large language models, including Google's T5 and Facebook's LLaMA. (OpenAI does not disclose what datasets it uses to train the models backing its popular chatbot, ChatGPT.)

The Post worked with researchers at the Allen Institute for AI on this investigation and categorized the websites using data from Similarweb, a web analytics company. About a third of the websites could not be categorized, mostly because they no longer appear on the internet. Those are not shown.

We then ranked the remaining 10 million websites based on how many "tokens" appeared from each in the data set. Tokens are small bits of text used to process disorganized information, typically a word or phrase.


02:05

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Jeffrey Walton on Apr 20

According to the HTTP::Tiny docs:

Server identity verification is controversial and potentially tricky
because it depends on a (usually paid) third-party Certificate
Authority (CA) trust model to validate a certificate as legitimate.
This discriminates against servers with self-signed certificates or
certificates signed by free, community-driven CA's such as CAcert.org.

I think some of the premises no longer hold.

The...

02:04

Distribution Release: Kubuntu 23.04 DistroWatch.com: News

Version 23.04 of the Kubuntu distribution has been announced. The project's latest release includes the KDE Plasma 5.27 desktop and PulseAudio has been replaced by PipeWire as the default audio server. "The Kubuntu team is happy to announce that Kubuntu 23.04 has been released, featuring the 'beautiful' KDE....

02:04

Industry Out of Phase With Supercomputers IEEE Spectrum



Technical and economic changes in the semiconductor industry threaten to stifle U.S. development of the next generation of high-performance computers, warns a new report from the National Research Council.

With Moore's Law and the scaling of transistors waning, the industry is turning to chip designs that don't work for the supercomputing that's used in massive simulations. The report focuses on defense use in modeling the physics of nuclear weapons, but the changes also would affect simulations including those used for climate modeling and weather forecasting.

The National Nuclear Security Administration, responsible for the U.S. nuclear stockpile, needs to fundamentally rethink its advanced computing research, engineering, acquisition, deployment, and partnership strategy, warns the report.

NNSA has developed massive and sophisticated codes that run on supercomputers to verify the continued security and performance of nuclear weapons designed decades ago. Keeping them up to date requires new generations of supercomputers that can run more complex models faster than the months required on today's machines. But industry, which has shelled out big bucks for state-of-the-art fabs, is targeting big, profitable markets like cloud computing.

Nuclear weapons designers used computers to understand the physics of nuclear weapons long before the U.S. stopped underground nuclear testing in 1992. Since then, powerful computer models have been their primary tools for maintaining the country's nuclear capability via NNSA's Stockpile Stewardship program.

Federal spending on supercomputers for the weapons program complemented industry investment in chip production for decades. NNSA's most powerful machine currently in operation is the Frontier computer, which began operation last year at the Oak Ridge National Laboratory, in Tennessee. It can perform 10^18 (a quintillion) floating-point operations per second (flops), making it the first exascale computer. Custom-built by Cray, it can, in theory, perform 2 exaflops. Cray is building another exascale computer that will be deployed at the Los Alamos National Laboratory, in New Mexico.

But those easy days are over, says Kathy Yelick of the University of California at Berkeley. "The NNSA has had a really successful run over the last 30 years with a combination of high-end computing facilities and expertise in computational science that make its labs a critical national resource," the chair of the panel that wrote the NRC report said at a 14 April online press conference. In addition t...

02:02

Experts disclosed two critical flaws in Alibaba cloud database services Security Affairs

Researchers disclosed two critical flaws in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL.

Researchers from cloud security firm Wiz discovered two critical flaws, collectively dubbed BrokenSesame, in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL.

ApsaraDB RDS is a managed database hosting service, while AnalyticDB for PostgreSQL is a managed data warehousing service.

An attacker can chain the two vulnerabilities to breach tenant isolation protections and access data belonging to other users.

"Wiz Research has discovered a chain of critical vulnerabilities in two of Alibaba Cloud's popular services, ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. Dubbed #BrokenSesame, the vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply-chain attack on both Alibaba database services, leading to an RCE on Alibaba database services," reads the advisory published by Wiz.

The experts focused their analysis on devising attack techniques to break cloud isolation by bypassing the security boundaries implemented by cloud providers and gaining access to other customers' sensitive data.

The two vulnerabilities are a privilege escalation issue in AnalyticDB and a remote code execution flaw in ApsaraDB RDS. An attacker can chain the two vulnerabilities to elevate privileges to root within the container, then escape to the Kubernetes node, and obtain unauthorized access to the API server.

Once they gained access to the K8s API server, the researchers used the node's kubelet credentials to examine various cluster resources, including secrets, service accounts, and pods.

"With access to the K8s API server, we utilized the node's kubelet credentials to examine various cluster resources, including secrets, service accounts, and pods. When examining the pod list, we found pods belonging to other tenants in the same cluster. This indicated that Alibaba Cloud designed the cluster for multitenancy, meaning we could potentially gain cross-tenant access to these pods," reads the analysis.

Upon testing the credentials against the container image registry, the researchers discovered they had write permissions. With write permissions, an attacker can overwrite container images and potentially carry out a supply-chain attack on the entire service and other services' images.

Wiz reported the flaws...

01:40

RADV Optimized By Valve For An Upcoming Game - Nearly Matching The Windows Performance Phoronix

Valve's Linux graphics driver developers continue relentlessly optimizing the Mesa Radeon Vulkan driver "RADV" and today landed an optimization for an unnamed, upcoming game where now it's able to nearly match the performance enjoyed under Windows...

01:30

M5StickC Turned Wearable Morse Code Trainer Hackaday

An orange m5stickc plus strapped to a wrist in the foreground with the person's other hand pressing down on the top of an installed hat, communicating with another m5stickc plus in the background on the table.

Have you ever felt the options for Morse code communication were too limited? Well, look no further than [marsPRE]'s open source WristMorse communicator that can connect over WiFi, can act as a Bluetooth keyboard or just be used as a Morse Code trainer.

...

01:30

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by David A. Wheeler on Apr 20

That's true, but irrelevant. The problem is that this function fails to
perform the security function implied by its name. If
HTTP::Tiny supports TLS (instead of rejecting it), it needs to verify TLS certs by default.

If there's a function named "isodd()" where "isodd(4) === true", that's a bug,
even if the documentation said that's what it did. The function/method name
implies functionality. You could call...

01:09

Google TAG warns of Russia-linked APT groups targeting Ukraine Security Affairs

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns.

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and spread disinformation, states Google's Threat Analysis Group (TAG).

In Q1 2023, threat actors linked to Russia's military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting.

"FROZENBARENTS (aka Sandworm), a group attributed to Russian Armed Forces Main Directorate of the General Staff (GRU) Unit 74455, continues to focus heavily on the war in Ukraine with campaigns spanning intelligence collection, IO, and leaking hacked data through Telegram," reads the report published by the Google TAG.

FROZENLAKE, aka Sandworm, has been active since 2000; it operates under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST).

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe.

In September 2022, the Sandworm group was observed impersonat...

01:07

US charges three men with six million dollar business email compromise plot Graham Cluley

Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims. Read more in my article on the Tripwire State of Security blog.

01:01

LockBit ransomware for Mac coming soon? Graham Cluley

In the last couple of days it has become clear that the notorious LockBit ransomware gang has been exploring creating what could become a big headache for users of Mac computers.

00:59

CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication Open Source Security

Posted by Arnout Engelen on Apr 20

Severity: important

Description:

gateway suffered from improper authentication: an
attacker could use a socket bytes attack without authentication. python-gateway function by changing the value
`python-gateway.enabled=false` in configuration file...

00:49

Links 20/04/2023: Ubuntu 23.04 Lunar Lobster Released Techrights

  • GNU/Linux

    • Audiocasts/Shows

      • Jupiter Broadcasting Linux Action News 289

        What we like about Fedora 38, why the Rust foundation is in hot water, and more.

    • Kernel Space

      • LWN Linux 6.2.12
        I'm announcing the release of the 6.2.12 kernel.
        
        
        All users of the 6.2 kernel series must upgrade.
        
        
        The updated 6.2.y git tree can be found at:
                git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.2.y
        and can be browsed at the normal kernel.org git web browser:
        
        https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
        
        thanks,
        
        
        greg k-h
        
      • LWN Linux 6.1.25
      • LWN ...

00:31

[$] Disabling SELinux's runtime disable LWN.net

Distributors have been enabling the SELinux security module for nearly 20 years now, and many administrators have been disabling it on their systems for almost as long. There are a few ways in which SELinux can be disabled on any given system, including command-line options, a run-time switch, or simply not loading a policy after boot. One of those ways, however, is about to be disabled itself.

00:30

Ubuntu 23.04 "Lunar Lobster" Now Available For Download Phoronix

Ubuntu 23.04 "Lunar Lobster" release images are now available for download for those wanting to fetch the latest Ubuntu desktop or server builds or alternatively the various downstream flavors/spins...

00:10

Ubuntu 23.04 Lunar Lobster Desktop Released: Focuses on Enterprises and Everyday Linux Users FOSS Force

Ubuntu 23.04 not only brings many new features to the table for enterprise users, it has plenty of features to please its home-user base as well.

00:08

Seven new stable kernels LWN.net

The latest crop of stable kernels is out; 6.2.12, 6.1.25, 5.15.108, 5.10.178, 5.4.241, 4.19.281, and 4.14.313 have been released. As is usual, they all contain important fixes throughout the kernel tree.

00:01

Use Redfish to manage servers automatically Linux.com

Learn the basics of using Redfish and how to set up the Redfish Mockup Server.

00:00

Keebin with Kristina: the One With the Music Typewriter Hackaday

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

This edition's community build comes from the "Yes They Could, But Should They Have?" file. Well, I ultimately say yes, this is intriguing. Redditor [dj_edit] looked at the venerable Model M and thought, this buckling-spring masterpiece can yet be improved upon. Yeah! Well, to each their own. I must say that it does sound great, especially with the solenoid feedback enabled via rotary encoder. Just check out the typing test.

...

Thursday, 20 April

23:55

Starship Flight Test cryptogon.com

Wow. It launched. 2X the thrust of Saturn 5. It cleared the tower, made it through max Q, but the first stage didn't separate. This does not appear to be a nominal situation. And then, Rapid unscheduled disassembly. Via: SpaceX:

23:54

Security updates for Thursday LWN.net

Security updates have been issued by Debian (golang-1.11), Fedora (chromium, golang-github-cenkalti-backoff, golang-github-cli-crypto, golang-github-cli-gh, golang-github-cli-oauth, golang-github-gabriel-vasile-mimetype, libpcap, lldpd, parcellite, tcpdump, thunderbird, and zchunk), Red Hat (java-11-openjdk, java-17-openjdk, and kernel), SUSE (chromium, dnsmasq, ImageMagick, nodejs16, openssl-1_0_0, openssl1, ovmf, and python-Flask), and Ubuntu (dnsmasq, libxml2, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, and linux-snapdragon).

23:53

Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases The Hacker News

A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain

23:45

MacStealer newly-discovered malware steals passwords and exfiltrates data from infected Macs Graham Cluley

I'm still encountering people who, even after all these years, believe that their Apple Mac computers are somehow magically invulnerable to ever being infected by malware. Maybe details of this new Mac malware will change their mind...

23:43

Building Telescopes on the Moon Could Transform Astronomy SoylentNews

The Moon still has much to tell us about the early solar system:

The Moon still has much to tell us about the early solar system. Encouragingly, it also has scientific value as a platform for observational astronomy.

Lunar exploration is undergoing a renaissance. Dozens of missions, organised by multiple space agencies, and increasingly by commercial companies, are set to visit the Moon by the end of this decade. Most of these will involve small robotic spacecraft, but NASA's ambitious Artemis program aims to return humans to the lunar surface by the middle of the decade.

[...] The potential role for astronomy of Earth's natural satellite was discussed at a Royal Society meeting earlier this year. The meeting itself had, in part, been sparked by the enhanced access to the lunar surface now in prospect. Several types of astronomy would benefit. The most obvious is radio astronomy, which can be conducted from the side of the Moon that always faces away from Earth: the far side.

The lunar far side is permanently shielded from the radio signals generated by humans on Earth. During the lunar night, it is also protected from the Sun. These characteristics make it probably the most "radio-quiet" location in the whole solar system as no other planet or moon has a side that permanently faces away from the Earth. It is therefore ideally suited for radio astronomy.

[...] Radio waves with wavelengths longer than about 15m are blocked by Earth's ionosphere. But radio waves at these wavelengths reach the Moon's surface unimpeded. For astronomy, this is the last unexplored region of the electromagnetic spectrum, and it is best studied from the lunar far side. Observations of the cosmos at these wavelengths come under the umbrella of "low frequency radio astronomy." These wavelengths are uniquely able to probe the structure of the early universe, especially the cosmic "dark ages," an era before the first galaxies formed.

23:40

Distribution Release: Ubuntu MATE 23.04 DistroWatch.com: News

Martin Wimpress has announced the release of Ubuntu MATE 23.04. desktop. "Ubuntu MATE 23.04 is the least exciting Ubuntu MATE release ever. The good news is, if....

23:15

Re: Checking existence of firewalled web servers in Firefox via iframe.onload Open Source Security

Posted by Stefano Di Paola on Apr 20

Absolutely agreed!

What I actually see now as the most effective mitigation is the Chrome
decision to implement preflight on private network access:

https://developer.chrome.com/blog/private-network-access-preflight/

I hope to see that implemented by Firefox and other browsers as well.

As a side note, 3 years ago I released a proof of concept browser
extension that alerts the user when a website tries to perform port
scans or DNS Rebinding...

23:05

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Steffen Nurpmeso on Apr 20

Hanno Böck wrote in
<20230420073459.003a5be2.hanno () hboeck de>:
|On Wed, 19 Apr 2023 23:53:40 +0200
|Steffen Nurpmeso <steffen () sdaoden eu> wrote:
|> IMO it is no vulnerability at all since it has "always" been _very
|> clearly_ (even very lengthily) documented in the manual page.
|
|A vulnerability does not go away if it's documented, and I find that a
|rather strange take.

Hm no, i do not, the...

23:00

Ubuntu 23.04 Laptop Performance Mixed Against Ubuntu 22.10 Phoronix

Today marks the release of Ubuntu 23.04 "Lunar Lobster" and I've already been trying it out on a number of test systems. Up today are some initial Ubuntu 23.04 vs. 22.10 laptop benchmarks. If you were hoping though for this release to improve performance, unfortunately that doesn't appear to be the case with overall across a range of workloads Ubuntu 23.04 is similar to -- or in some areas trailing -- Ubuntu 22.10 on both Intel and AMD hardware.

22:10

Wine 8.0.1 Released With Three Dozen Bugs Fixed Phoronix

Building off the Wine 8.0 stable release from January, out today is Wine 8.0.1 as the first maintenance point release to this open-source software for enjoying Windows games and applications under Linux, Chrome OS, macOS, and other platforms...

21:56

Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks The Hacker News

Why is Visibility into OT Environments Crucial? The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the

Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job The Hacker News

The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users. The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today. The findings are crucial, not least because it marks the first publicly documented example of the

21:53

Re: Checking existence of firewalled URLs via javascript's script.onload Open Source Security

Posted by Jeremy Stanley on Apr 20

[...]

If the attacker controls the destination, they can simply record
whether the connection is successfully established at the remote
end. While this may not tell them much about what specific hosts the
victim has access to reach, it can easily leak general egress
filtering information.

21:30

Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes Graham Cluley

A Finnish court has given the former CEO of a chain of psychotherapy clinics a suspended jail sentence after failing to adequately protect highly sensitive notes of patients' therapy sessions from falling into the hands of blackmailing hackers. Read more in my article on the Hot for Security blog.

21:22

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks The Hacker News

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The

21:19

Re: Checking existence of firewalled web servers in Firefox via iframe.onload Open Source Security

Posted by Jan Klopper on Apr 20

Hi

The topic is still relevant.

Combining this attack with webservices that might be present behind a
NAT network, eg IOT or appliances can result in various serious issues.

There are loads of devices that do not require csrf, or even POST for
requests that update settings or even firmware.

Performing GET requests on those internal ip's, even though no content
will be returned is still plenty dangerous.
Knowing which ip to perform...

21:18

ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them The Hacker News

In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,

21:08

Re: Checking existence of firewalled web servers in Firefox via iframe.onload Open Source Security

Posted by Stefano Di Paola on Apr 20

Hello George,

from time to time it happens to rediscover techniques issues.
This is one of those times :)

In 2006 there has been a lot of interest around browser based port
scans, in particular to pivot internal networks.

The following links are some of them:

http://web.archive.org/web/20060813034434/http://www.spidynamics.com/assets/documents/JSportscan.pdf

https://www.gnucitizen.org/blog/javascript-port-scanner/...

21:00

Read Comic Books on the Commodore 64 With StripStream Hackaday

Comic books are traditionally printed on paper, either as regular saddle-bound issues or in hardcover compilations. If you wanted to read them on a low-resolution screen run by an 8-bit computer, you were usually out of luck. Until now! Enter StripStream, the comic book reader for the Commodore 64.

...

20:56

Netflix Will Block Password Sharing Before July 2023 SoylentNews

Netflix Will Block Password Sharing Before July 2023:

Netflix has been working on a way to block people from sharing their Netflix passwords. It was supposed to roll out in the United States already, but now it's coming to the US and other regions sometime soon.

Netflix confirmed in its recent earnings report that it will start rolling out the new account sharing limitations in the second quarter of 2023, meaning sometime between now and June 30. The company said in the report, "In Q1, we launched paid sharing in four countries and are pleased with the results. We are planning on a broad rollout, including in the US, in Q2."

In other countries where Netflix has already rolled out the changes, Netflix accounts have a "primary location" that is determined using your account history, home Wi-Fi network, and other data. Devices that aren't connected to that network and watching Netflix are automatically blocked after 31 days. The only way around the block is to add a paid "extra member" to your account, which costs less than an individual subscription, but isn't available for all types of Netflix plans.

Read more of this story at SoylentNews.

20:47

Libreboot Adds Support For An Old Dell Laptop That Can Be Found For ~$100 Used Phoronix

Libreboot, the downstream of Coreboot focused on providing fully open-source system firmware support, has added support for the Dell Latitude E6400, a laptop from the Intel Core 2 Duo days that was popular with many businesses and can be found via various used channels for around $100...

20:31

Opus 1.4 Royalty-Free Audio Codec Released Phoronix

Opus 1.4 is available today as the first update in four years to this open-source, royalty-free versatile audio codec...

20:26

Daggerfly Cyberattack Campaign Hits African Telecom Services Providers The Hacker News

Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins

20:25

FTC accuses payments firm of knowingly assisting tech support scammers Graham Cluley

Multinational payment processing firm Nexway has been rapped across the knuckles by the US authorities, who claim that the firm knowingly processed fraudulent credit card payments on behalf of tech support scammers. Read more in my article on the Tripwire State of Security blog.

20:17

Lutris 0.5.13 Beta 2 Released For Managing Your Games On Linux Phoronix

Following the Lutris 0.5.13 beta from mid-February, a second beta of this open-source game manager is now available...

20:11

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders The Hacker News

Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory

20:06

KDE Gear 23.04 Released With Many UI Improvements, New Features Phoronix

this collection of KDE desktop applications...

19:35

Preventing Malware & Cyber Attacks: Simple Tips for Your Computer HackRead | Latest Cybersecurity and Hacking News Site

By Owais Sultan

Living without the Internet is hardly imaginable today. However, the anonymity of the internet has led to the

This is a post from HackRead.com Read the original post: Preventing Malware & Cyber Attacks: Simple Tips for Your Computer

19:05

Nintendo's War With 1Fichier is Not Over But Could Be For $0.00 TorrentFreak

When a company like Nintendo puts out a press release, the entire world pays attention. This week was no different.

Nintendo has been locked in a legal battle with French file-hosting service 1fichier for the past five years. The basic facts don't appear to be in dispute; Nintendo informed 1fichier that it had found pirated copies of its games on the service, but 1fichier refused to take them down.

Nintendo responded with legal action in France and in 2021, won its case. By not taking the pirated content down, 1fichier became liable for damages, the court ruled.

Unhappy with the decision, 1fichier filed an appeal, but on April 12, 2023, the Paris Court of Appeal confirmed that 1fichier's owner, DStorage SAS, engaged its civil liability for failing to withdraw or block access to illicit copies of Nintendo games hosted on its platform, despite the notifications Nintendo had sent to it for such purposes.

Why Would 1fichier Deliberately Expose Itself?

Nintendo's dispute with 1fichier sounds like a straightforward copyright case; hosting companies generally avoid liability for user-uploaded content but can pay the price if they refuse to take content down. The fundamental question not addressed by Nintendo's release is why 1fichier would intentionally expose itself to so much risk and then keep digging.

For the sake of all parties involved and our own sanity, legal opinions in this matter are best left to the experts. However, we're informed that this lawsuit is the product of a fundamental disagreement, not on the removal of content per se, but on the conditions laid out in French law for a notice to be considered valid.

DStorage's Relationship With Customers and Content

As the operator of 1fichier, DStorage states that it provides file-hosting services for its customers and, as such, the company has a duty to ensure that their data is held securely.

The file-hoster says that the files on its servers are uploaded by users, and it is their choice whether to keep those files entirely private, or share them more widely with others. In any event, DStorage insists it has no way of knowing what files its users upload, or what decisions they make in terms of keeping files private or communicating them to the public. It does note, however, that independent court experts found that 80% of the data on its servers is never made public.

...

18:38

Re: Checking existence of firewalled URLs via javascript's script.onload Open Source Security

Posted by Georgi Guninski on Apr 20

Hi, thanks for the info and for the compliment :)

I can't imagine how can you check for open port/URL
without javascript, can you give reference or explanation?
You can make request, but without javascript you can't read the result.

18:36

Re: ncurses fixes upstream Open Source Security

Posted by Tavis Ormandy on Apr 20

Sure - but the question is whether it's an ncurses bug, or an Apple bug?

It seems like you think it's an ncurses bug, and privileged programs
should be allowed to use attacker controlled terminfo, so long as they
don't query certain dangerous caps like rf?

I'm not so sure, although maybe ncurses should only search system paths
when getauxval(AT_SECURE).. is set? Even then, I think the common
pattern of system("tput...

18:34

Re: Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Steffen Nurpmeso on Apr 20

nightmare.yeah27 () aceecat org wrote in
<20230419055256.zhwa4okfxdbsc72z@beesty>:
|On Tue, Apr 18, 2023 at 02:57:41AM +0200, Solar Designer wrote:
|> On Sun, Apr 16, 2023 at 10:57:27PM +0200, Steffen Nurpmeso wrote:
|
|>> You have to do some things, and if you give up privileges
|>> thereafter, extended capabilities are gone.
|
|> POSIX saved IDs should help retain/regain the capabilities.
|
|Another (simpler?)...

18:13

Europe Will Invest €43 Billion to Make its Own Microchips SoylentNews

A European Chips Act to play catch-up with the US and Asia:

The European Union finally agreed on a new plan to boost its microchip industry. The multi-billion investment is focused on strengthening Europe's technological leadership, the EU said, but it could very well be an attempt to put the Old Continent on par with what market leaders are already doing right now.

After spending some months negotiating between the European Council and the European Parliament, the European Union has now officially approved a plentiful subsidy plan for its semiconductor industry. The European Chips Act will put €43 billion (roughly $47 billion) to bolster Europe's "competitiveness and resilience" in the microchip business, promoting an effective digital and green transition powered by hi-tech technology.

Right now, Europe has a 10% market share of global chip manufacturing; with the EU Chips Act, Brussels plans to double the EU's production capacity to 20% of the global market by 2030. The plan is also focused on strengthening Europe's research and technology capabilities over chip advancements, building innovation capacity in design manufacturing and packaging, developing an in-depth understanding of the global semiconductor supply chain, and addressing the skills shortage by attracting new talents and growing its own skilled workforce.

Microchips already are "strategic assets for key industrial value chains," the EU said, while the digital transformation opened new markets for the chip industry such as highly automated cars, cloud, IOT, connectivity, space, defense and supercomputers. The recent global semiconductor shortages also showed how the global supply chain has an "extreme" dependency on very few actors in a complex geopolitical context.

[...] As a matter of fact, the final EU Chips Act contains some additional provisions which were not included in the initial draft. Besides funding the manufacturing of cutting-edge semiconductor technology, the plan will also cover the entire value chain with older chips and research & design facilities. The EU Chips Act is coming after the world's powerhouses in the chip industry (USA, Taiwan, South Korea, Japan) have already approved or are in the process of approving their own subsidy initiatives. Therefore, Brussels' money to boost EU semiconductor output won't guarantee success.


Original Submission

...

18:00

Soft Robotic System for In Situ 3D Bioprinting and Endoscopic Surgery Hackaday

The progress of medical science has meant increasingly more sophisticated ways to inspect and repair the body, with a shift towards ever less invasive and more effective technologies. An exciting new field is that of in situ tissue replacement in a patient, which can be singular cells or even 3D printed tissues. This in vitro approach of culturing replacement tissues comes however with its share of issues, such as the need for a bioreactor. A more straightforward approach is printing the cells in vivo, meaning directly inside the patient's body, as demonstrated by a team at the University of New South Wales Sydney with a soft robot that can print layers of living cells inside for example a GI tract.

In their paper, the team led by [Dr Thanh Nho Do] and PhD student [Mai Thanh Thai] describe the soft robot that is akin to a standard endoscope, but with a special head that has four soft microtubule artificial muscles (SMAM) for three degrees of freedom and fabric bellow actuators (FB...

17:03

Trigona Ransomware targets Microsoft SQL servers Security Affairs

Threat actors are hacking poorly secured and Internet-exposed Microsoft SQL servers to deploy the Trigona ransomware.

Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware.

Trigona is a malware strain that was discovered in October 2022, and Palo Alto Unit 42 researchers reported similarities between Trigona and the CryLock ransomware.

Trigona is written in the Delphi language; it encrypts files without distinguishing their extensions and appends the ._locked extension to the filename of encrypted files.

The attackers launch brute-force or dictionary attacks against the server in an attempt to guess account credentials.

Once they have gained access to the server, the threat actors deploy malware that is tracked by cybersecurity firm AhnLab as CLR Shell.

CLR Shell allows operators to harvest system information and escalate privileges to LocalSystem by exploiting a vulnerability in the Windows Secondary Logon Service.

"In addition, this CLR Shell malware is confirmed to have a routine that exploits privilege escalation vulnerabilities, which is believed to be due to the high privileges required by Trigona as it operates as a service," reads the report published by AhnLab. CLR Shell is a type of CLR assembly malware that receives commands from threat actors and performs malicious behaviors, similarly to the WebShells of web servers.

The analysis of the log from AhnLab's ASD shows the MS-SQL process sqlservr.exe installing Trigona under the name svcservice.exe.

When svcservice.exe is executed as a service, it executes the Trigona ransomware and also creates and executes svchost.bat used to execute the ransomware. The svchost.bat registers the Trigona binary to the Run key to maintain persistence.

The svchost.bat also deletes volume shadow copies and disables the system recovery feature to prevent victims from recovering the encrypted files.

...

17:00

Budweiser Goes into Scoundrel Mode Terra Forming Terra



This is of course hilarious.  Sooner or later, the CEO will be giving us a demonstration of public groveling.

folks who are trapped mentally into the land of woke likely cannot grasp just how outside commonly held belief systems they are.  All perversions are called perversions because they are not ever biologically sanctioned and are in fact are strongly counter indicated.

Worse than that, a normal autonomic nervous system response for normal males is to instinctually beat the shit out of the individual displaying the perversion.  All perversions are thus under real threat of MOB suppression.

Folks, we need to tell these in danger.  Just understanding that can allow them to live their lives circumspectly.  We have proven we can live with homosexuality but actually little else and the public is quickly getting tired of all the bizarre posturing.

 

Budweiser is slammed for back-to-basics patriotic Clydesdale ad released two weeks after Bud Light debacle that cost it $6bn in market value - and following CEO's lukewarm apology

The ad reads as a brand reset for the beer company currently embroiled in controversy over a progressive partnership with Dylan Mulvaney

The 'American Spirit' spot features the brand's iconic Clydesdales galloping across the great American plains and by historic landmarks
...

IPCC adjusts temperature data to create the impression of catastrophic global warming Terra Forming Terra



I queried the whole heat island problem when I first started writing on this subject over fifteen years ago. Turns out you can separate rural data from urban data and guess what? There is a significant difference.

The good news is that the rural data conforms to the big picture which also controls for solar variability. That might matter.

We are in a warming period but not exceptional and surely reflects the ongoing rebound from what we call the Little Ice Age toward the Medieval maxima. That maxima opened the Northwest passage somewhat like today. It was just more robust.

Again we appear to be shifting between the minus one degree to the plus one degree which has held during the whole Holocene. The fact remains it is nothing to worry about and presently welcome as it has modestly expanded agriculture.

And yes, unnamed crooks are dicking with the data and telling lies. The association with CO2 is nonsense and in fact we may well need to increase our CO2 to meet geological standards. They also ignored the geological picture. The whole point was to harness the weather for political purposes, if you can believe that. It is why they switched from GLOBAL WARMING to CLIMATE CHANGE in their talking points.


IPCC adjusts temperature data to create the impression of catastrophic global warming



https://expose-news.com/2023/04/17/data-adj-to-create-the-impression-of-global-warming/

...

Data can now be processed at the speed of light Terra Forming Terra


This is huge of course and we are bumping up against the final limits of Moore's Law. Yet this certainly made the Holodeck much closer. I still recall the problem we had with processor heat in all those old computers. Slowly but surely we are trending down there as well.

It took us seventy years to get to this point folks and it was an aspiration even in the beginning. That is the power of directed research. Just expect it to take years, and yes the Holodeck is much closer than imagined.

Our whole public today accepts the impossible by Sunday, and miracles next week. We are now so spoiled. Telling folks any of this was possible fifty years ago was always impossible.



https://www.spacedaily.com/reports/Data_can_now_be_processed_at_the_speed_of_light_999.html

Yeonjeong Koo, one of the co-first authors of the research paper, said, "The nano-excitonic transistor is expected to play an integral role in realizing an optical computer, which will help process the huge amounts of data driven by AI technology.

Data can now be processed at the speed of light

by Staff Writers
Pohang, South Korea (SPX) Apr 16, 2023

How can Marvel movie character Ant-Man produce such strong energy out of his small body? The secret lies in the "transistors" on his suit that amplify weak signals for processing. Transistors that amplify electrical signals in the conventional way lose heat energy and limit the speed of signal transfer, which degrades performanc...

The entire western financial system has a fatal flaw that will spell its undoing Terra Forming Terra




Not quite true of course, although the real flaw is in managing it all and avoiding the temptation of giantism. The reality is that management must be overhauled and my first choice is to send the whole apparatus down to the natural community level, the Rule of Twelve and allowing surpluses to be used to buy parts of larger debt.

This also allows the current structure to remain in place while all this rolls out globally while maintaining strong limits on the multiple for the large banks. There will then be a steady shift from this local base into the larger lending market.

After all, you cannot lend out all your available credit internally, but the surplus can buy even government notes.

Yes we have a problem and it needs to be fixed the way I just described. Otherwise we will have panics that shut off lending once in a while. Understand that every morning, a banker wakes up to discover he has to buy loans today. Every day, so quitting is not really an option.


The entire western financial system has a fatal flaw that will spell its undoing

Mike Adams

The entire western financial system is based on "fractional reserve" banking, which is all based on the assumption that people don't move very quickly -- nor simultaneously -- to withdraw their money from financial institutions.
...

15:37

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Hanno Böck on Apr 19

A vulnerability does not go away if it's documented, and I find that a
rather strange take.

Also I think this discussion was had many times before, as plenty of
libraries in other language ecosystems defaulted to not checking certs
or doing incomplete checks, and over time they all defaulted to the
sane thing: To make the secure setting the default.
The fact that apparently no one has ever checked this for a major perl
library (I mean - CPAN...

15:24

GS1 Proposes Sunrise 2027 for 2D Barcodes on Products SoylentNews

GS1, the global standards organisation for barcodes, has started to advertise their Sunrise 2027 program for adding 2D barcodes to products.
https://www.gs1digital.link/sunrise-2027/
https://www.gs1us.org/industries-and-insights/by-topic/sunrise-2027

Long story short this adds a 2D barcode to product labels alongside the existing 1D barcode. The 2D barcode gives extra info to the retailer (assuming the manufacturer adds it to the barcode) like batch/lot #, expiry date etc and can also provide a URL for the product to the consumer where they can find out more info about the product. There's even a complete fake brand set up to show off the concept - https://dalgiardino.com/

Since most POS apps are likely going to be confused by 2 barcodes on 1 product and potentially double-charge you for your favourite box of cornflakes the scanner vendors are implementing a feature where they'll only send 1 barcode to the POS system; for legacy scanners that'll be the 1D barcode (like now), for new scanners that can read 2D barcodes it can either be specific GS1 tags or the entire barcode depending on what the POS application wants.

Note that this is already live for some manufacturers and geographies, 2027 is just when it's intended to be deployed globally.


Original Submission

Read more of this story at SoylentNews.

15:00

The biggest data security blind spot: Authorization Help Net Security

Too many people have access to company data they don't need. Also, too many companies focus on authentication (verifying identity) as a security measure and overlook the importance of authorization (verifying right to access). While it's important to give employees access to the data they require to do their job, granting too much access increases the risk of data breaches. Maintaining proper authorization is particularly important when we're facing the economic distress that comes with...

The post The biggest data security blind spot: Authorization appeared first on Help Net Security.

15:00

A Look at Sega's 8-Bit 3D Glasses Hackaday

From around 2012 onwards, there was a 3D viewing and VR renaissance in the entertainment industry. That hardware has grown in popularity, even if it's not yet mainstream. However, 3D tech goes back much further, as [Nicole] shows us with a look at Sega's ancient 8-bit 3D glasses [via Adafruit].

[Nicole]'s pair of Sega shutter glasses are battered and bruised, but she notes more modern versions are available using the same basic idea. The technology is based on liquid-crystal shutters, one for each eye. By showing the left and right eyes different images, it's possible to create a 3D-vision effect even with very limited display hardware.

The glasses can be plugged directly into a Japanese Sega Master System, which hails from the mid-1980s. It sends out AC signals to trigger the liquid-crystal shutters via a humble 3.5mm TRS jack. Games like Space Harrier 3D, which were written to use the glasses, effectively run at a half-speed refresh rate. This is because the 60 Hz NTSC or 50 Hz PAL screen refresh rate is split in half to se...

14:30

How companies are struggling to build and run effective cybersecurity programs Help Net Security

A recent Code42 report reveals a rapidly growing number of inside risk incidents and a concerning lack of training and technology, further exacerbated by increasing workforce turnover and cloud adoption. In this Help Net Security video, Joe Payne, President and CEO at Code42, discusses how data loss from insiders is not a new problem but has become more complex.

The post How companies are struggling to build and run effective cybersecurity programs appeared first on Help Net Security.

14:00

CISOs struggling to protect sensitive data records Help Net Security

Almost all IT and security leaders (96%) globally are concerned their organization will be unable to maintain business continuity following a cyberattack, according to Rubrik. Data security is becoming increasingly complex and the datasets that require securing are growing rapidly. Rubrik internal data revealed that on average, the growth of data secured in 2022 was 25% (on premises grew 19%, cloud grew 61%, and SaaS data secured grew 236%...

The post CISOs struggling to protect sensitive data records appeared first on Help Net Security.

13:31

Microsoft Windows in Africa: From 98% to 17% in Just 14 Years Techrights

It was at 98% in January-March of 2019. Now:

Operating System Market Share Africa

Summary: Africa has already dumped Microsoft, but the winner is Google (with Android), and even though it means hundreds of millions of Linux users it does not mean digital liberation for users, so much advocacy work remains to be done

Google is slavery

13:30

Outdated cybersecurity practices leave door open for criminals Help Net Security

Organizations experienced a significant increase in ransomware, from an average of four attacks over five years in 2021 to four attacks over the course of one year in 2022, according to ExtraHop. Of those who fell victim, 83% admitted to paying the ransom at least once. As organizations increasingly find themselves under attack, the data discovered they are drowning in cybersecurity debt: unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and...

The post Outdated cybersecurity practices leave door open for criminals appeared first on Help Net Security.

13:10

Last Month's LibrePlanet Talk About Free/Libre Software in Africa Techrights

From the slides of Benson Muite:

Mobile-first

Summary: The above slide from last month's LibrePlanet talk* by Benson Muite was uploaded by the FSF as part of these slides/deck; the talk itself isn't online yet (it was recommended to us), but the slides tell a good bunch of facts. A lot of people in Africa moved to Linux (Android), but not GNU/Linux (used a lot in Nigeria), hence they don't get emancipated by technology; it spies on them.

Licence: CC BY SA 4.0
________
* framatube.org (PeerTube platform for FSF) has this channel too, in case MediaGoblin is down. The FSF seriously under-provisioned MediaGoblin for these new videos. Now the site goes up and down (mostly down) and it makes MediaGoblin look bad. Not MediaGoblin's fault.

13:00

IT and business services market shows resilience with positive growth outlook Help Net Security

Worldwide IT and business services revenue is expected to grow (in constant currency) from $1.13 trillion in 2022 to $1.2 trillion in 2023, or 5.7% year-over-year growth, according to IDC. In nominal dollar-denominated revenue based on today's exchange rate, the market will grow 3.5% due to exchange rates. This represents an increase of 110 basis points from IDC's previous forecast, which projected 2023 growth to be 4.6% and less than 5% in the following years...

The post IT and business services market shows resilience with positive growth outlook appeared first on Help Net Security.

12:50

Picus Security expands its CTEM solution with CAASM and CSPM capabilities Help Net Security

Picus Security has announced the expansion of its continuous threat exposure management (CTEM) solution to help CISOs better answer the question: "what is our cyber risk?" The company's new capabilities, Picus Cyber Asset Attack Surface Management (CAASM) and Picus Cloud Security Posture Management (CSPM), help organizations improve their visibility by providing them with a more unified view of their threat exposure. Now, security teams can simulate real-world threats, discover unknown assets, identify misconfigurations...

The post Picus Security expands its CTEM solution with CAASM and CSPM capabilities appeared first on Help Net Security.

12:40

NICE Actimize launches SAM-10 to detect suspicious activity while reducing false positives Help Net Security

NICE Actimize has launched its Suspicious Activity Monitoring (SAM-10) solution. Built to detect more suspicious activity while reducing false positives, NICE Actimize's SAM-10 introduces enhancements to its anti-money laundering solution, incorporating multiple layers of defense which strengthen the others and offer comprehensive coverage and detection of suspicious activity for financial institutions. Part of NICE Actimize's Anti-Money Laundering suite of solutions, the new SAM-10 solution's entity-centric AML approach delivers data to enrich profiles and multiple layers...

The post NICE Actimize launches SAM-10 to detect suspicious activity while reducing false positives appeared first on Help Net Security.

12:39

Whisper Aero Wants to Make Aviation, and the Rest of the World, Quieter SoylentNews

Whisper Aero wants to make aviation, and the rest of the world, quieter:

The world is loud. If delivery drones and air taxis, also known as electric vertical take-off and landing (eVTOL) aircraft, gain the level of market saturation investors are hoping for, cities and neighborhoods are only going to get noisier.

That's the assumption, anyway. But Whisper Aero does not seem to care much for assumptions.

The premise of the two-year-old startup is that there should not be a trade-off between technological progress and noise: You should be able to quietly rid your lawn of leaves, heat and cool buildings, and even take an air taxi ride. To get to that future, Whisper says it has developed a never-been-done-before electric propulsion device (to get really specific, an electric ducted fan) that's both quieter and more efficient than ones already on the market.

[...] Whisper has designed an electric-ducted fan that can be scaled up or down for different applications. Over the past two years, the company has designed, built and flown nine generations of this propulsor. They've settled on a product that both reduces the amplitude, how loud something is, and that shifts the tonal profile of the noise to something more pleasant. The company says they've even been able to move some of the tones into the ultrasonic, beyond what the human ear can detect.

[...] Following a well-trod path in aerospace, Whisper will focus its initial commercialization efforts with the U.S. Department of Defense, an agency that they've already been working with for testing. Whisper has scored a handful of small government contracts from the DOD, including the Air Force Research Lab, to validate their propulsor.

Read more of this story at SoylentNews.

12:30

Venafi Firefly enhances the security of machine identities for cloud-native applications Help Net Security

Venafi has introduced Venafi Firefly, the lightweight machine identity issuer that supports highly distributed, cloud native environments. Part of the Venafi Control Plane for Machine Identities, Firefly enables security teams to securely meet developer-driven machine identity management requirements for cloud native workloads by issuing machine identities, such as TLS and SPIFFE, locally at high speeds across any environment. By delivering added speed, reliability, and security for machine identities in modern architectures, it helps organizations ensure...

The post Venafi Firefly enhances the security of machine identities for cloud-native applications appeared first on Help Net Security.

12:20

Daon unveils TrustX platform for identity proofing and authentication Help Net Security

Daon has unveiled TrustX, its next-generation cloud-based platform for identity proofing and authentication to support the creation and deployment of user journeys across their entire digital identity lifecycle. Daon TrustX is optimized by artificial intelligence (AI) and machine learning (ML) in order to reduce fraud and minimize friction in the customer experience, thereby providing the foundation for identity continuity. TrustX provides businesses with the tools to build, deploy, assess, monitor, and modify the digital identity...

The post Daon unveils TrustX platform for identity proofing and authentication appeared first on Help Net Security.

12:10

VMware Cross-Cloud managed services helps customers secure multi-cloud environments Help Net Security

VMware has unveiled VMware Cross-Cloud managed services, a set of prescriptive offers with enhanced partner and customer benefits that will enable skilled partners to expand their managed services practices. Cross-Cloud managed services will make building managed services faster for partners and easier to consume by customers. This will improve partner profitability while opening new opportunities for growth and expansion. The adoption of multi-cloud is helping customers become digitally smart. Multi-cloud services enable faster development of...

The post VMware Cross-Cloud managed services helps customers secure multi-cloud environments appeared first on Help Net Security.

12:00

Water Solves Mazes, Why Not Electrons? Hackaday

A few weeks ago, we looked at a video showing water solving a maze. [AlphaPhoenix] saw the same video, and it made him think about electrons finding the path of least resistance. So can you solve a maze with foil, a laser cutter, a power supply, and some pepper? Apparently, as you can see in the video below.

At first, he duplicated the water maze, but without the effect of gravity. It was hard to see the water flow, so pepper flakes made the motion of the liquid quite obvious. The real fun, though, started when he cut the maze out of foil and started running electrons across it.

It isn't easy to visualize electrons, but you can see the heat they produce using a thermal camera. Of course, a physics guru will tell you that you really aren't watching electrons flow, but rather you are seeing charge moving via charge carriers. Regardless, the effect is that electricity flows, and you can see how that works with the thermal camera and develop intuition about it using the water model. A cool demo.

If you want to watch the video that inspired this one, we covered it. If you didn't get a thermal camera for a gift last year, you can buy one for yourself, but be sure to check out the comments for some options the post didn...

11:18

NEW 'Off The Hook' ONLINE 2600 - 2600: The Hacker Quarterly

Posted 20 Apr, 2023 1:18:05 UTC

The new edition of Off The Hook from 04/19/2023 has been archived and is now available online.

Skype problems, listener mail, upgrades are unavoidable, the Skype problems have been resolved, the problem with the federal judiciary.

11:10

[$] LWN.net Weekly Edition for April 20, 2023 LWN.net

The LWN.net Weekly Edition for April 20, 2023 is available.

10:00

HPR3839: Rip a CD in the terminal Hacker Public Radio

  • Wiki: ABCDE Wiki
  • Github: ABCDE Github page
  • Git: ABCDE Git page
  • Ask Ubuntu page
  • abcde.conf: "abcde CD ripping configuration file"
  • Custom abcde configuration file, for only ogg, mp3, flac and opus: custom-abcde.conf "abcde CD ripping configuration file"
  • freedb.freedb.org is dead; use gnudb.gnudb.org instead
  • Bugzilla entry for freedb.org

Updated CDDB location in .abcde.conf:

        CDDBURL="http://gnudb.gnudb.org/~cddb/cddb.cgi"

Alias in BASH:

        alias ripcd.mp3='abcde -o mp3'
        alias ripcd.opus='abcde -o opus'
        alias ripcd.ogg='abcde -o ogg'
        alias ripcd.opus='abcde -o opus'

More Info: https://askubuntu.com/questions/788327/use-abcde-to-produce-high-quality-flac-and-mp3-output-with-album-art-under-xenia#788757

        abcde -o 'flac:-8,mp3:-b 320' -G

09:52

Recycled Core Routers Exposed Sensitive Corporate Network Info SoylentNews

Researchers are warning about a dangerous wave of unwiped, secondhand core-routers:

Cameron Camp had purchased a Juniper SRX240H router last year on eBay to use in a honeypot network he was building to study remote desktop protocol (RDP) exploits and attacks on Microsoft Exchange and industrial control systems devices. When the longtime security researcher at Eset booted up the secondhand Juniper router, to his surprise it displayed a hostname.

After taking a closer look at the device, Camp contacted Tony Anscombe, Eset's chief security evangelist, to alert him to what he found on the router. "This thing has a whole treasure trove of Silicon Valley A-list software company information on it," Camp recalls telling Anscombe.

"We got very, very concerned," Camp says.

Camp and Anscombe decided to test their theory that this could be the tip of the iceberg for other decommissioned routers still harboring information from their previous owners' networks. They purchased several more decommissioned core routers -- four Cisco Systems ASA 5500, three Fortinet FortiGate, and 11 Juniper Networks SRX Series Services Gateway routers.

After dropping a few from the mix after one failed to power up and another two were actually mirrored routers from a former cluster, they found that nine of the remaining 16 held sensitive core networking configuration information, corporate credentials, and data on corporate applications, customers, vendors, and partners. The applications exposed on the routers were big-name software used in many enterprises: Microsoft Exchange, Lync/Skype, PeopleSoft, Salesforce, Microsoft SharePoint, Spiceworks, SQL, VMWare Horizon View, voice over IP, File Transfer Protocol (FTP), and Lightweight Directory Access Protocol (LDAP) applications.

[...] The routers contained one or more IPSec or VPN credentials, or hashed root passwords, and each had sufficient data for the researchers to identify the actual previous owner/operator of the device. Nearly 90% included router-to-router authentication keys and details on applications connected to the networks; some 44% had network credentials to other networks (such as a supplier or partner); 33% included third-party connections to the network; and 22% harbored customer information.

Read more of this story at SoylentNews.

09:15

QEMU 8.0 Released With 32-bit x86 Host Support Deprecated Phoronix

QEMU 8.0 is out today as the newest feature release for this processor emulator that plays an important role in the open-source Linux virtualization stack...

09:01

Smashing Security podcast #318: Tesla workers spy on drivers, and Operation Fox Hunt scams Graham Cluley

Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China's Operation Fox Hunt. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

09:00

Hacking An Apartment Garage Door With New Remotes Hackaday

[Old Alaska] had a problem. He needed a second remote for his apartment garage door, but was quoted a fee in the hundreds of dollars for the trouble of sourcing and programming another unit. Realizing this was a rip-off given the cheap hardware involved, he decided to whip up his own sneaky solution instead.

It's a simple hack, cheap and functional. An RF-activated relay with two remotes was sourced online for the princely sum of $8. [Old Alaska] then headed down to the equipment cabinet in the garage, opening the lock with the side of his own car key. He then wired the relay in parallel with the existing manual pushbutton for activating the garage door.

Sometimes, a hack doesn't have to be complicated to be useful. Many of...

08:00

NFSv4 Courteous Server Linux.com

Improvements to NFS for Linux users rela

Click to Read More at Oracle Linux Kernel Development

The post NFSv4 Courteous Server appeared first on Linux.com.

list_lru Optimizations for UEK7 U1 Linux.com

Some great memory saving implemented in

Click to Read More at Oracle Linux Kernel Development

The post list_lru Optimizations for UEK7 U1 appeared first on Linux.com.

Using Intel Advanced Matrix Extensions with Oracle Linux Linux.com

Improved large dataset matrix processing

Click to Read More at Oracle Linux Kernel Development

The post Using Intel Advanced Matrix Extensions with Oracle Linux appeared first on Linux.com.

07:56

Re: Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Steffen Nurpmeso on Apr 19

Demi Marie Obenour wrote in
<ZD/4ODBjTesPMECg@itl-email>:
|On Tue, Apr 18, 2023 at 05:46:30PM +0200, Stig Palmquist wrote:
|> HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available
|> standalone on CPAN, does not verify TLS certs by default. Users must
|> opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS.
...
|IMO this is an HTTP::Tiny vulnerability.

IMO it is no vulnerability at all since it...

07:09

An Old NASA Spacecraft Will Crash to Earth on Wednesday SoylentNews

An old NASA spacecraft will crash to Earth on Wednesday:

A retired NASA spacecraft will reenter Earth's atmosphere on Wednesday, with some parts of the vehicle expected to crash to the planet's surface.

While most of the Reuven Ramaty High Energy Solar Spectroscopic Imager (RHESSI) spacecraft is expected to burn up as it enters the atmosphere at high speed, some parts of the 660-pound (300-kilogram) machine are likely to survive the descent.

The good news is that NASA says that the risk of harm coming to folks on terra firma is low at "approximately 1 in 2,467." Still, for anyone wishing to don a hard hat just in case, RHESSI is expected to reenter the atmosphere at about 9:30 p.m. ET on Wednesday, April 19, though the forecast comes with an uncertainty of plus/minus 16 hours.

[...] RHESSI entered service in 2002 and, until its retirement in 2018, it observed solar flares and coronal mass ejections from its low-Earth orbit. Its work enabled scientists to learn more about the underlying physics of how these powerful bursts of energy occur.

The spacecraft's activities included imaging the high-energy electrons that carry a large part of the energy released in solar flares. Using its imaging spectrometer, RHESSI became the first-ever mission to record gamma-ray images and high-energy X-ray images of solar flares.

[...] The mission also helped to improve measurements of the sun's shape, and demonstrated that terrestrial gamma ray flashes, described by NASA as "bursts of gamma rays emitted from high in Earth's atmosphere" and which occur above some thunderstorms, happen more frequently than first thought.

NASA said it retired RHESSI in 2018 after maintaining communications with it became difficult. After retaining its low-Earth orbit for the last five years, the spacecraft is about to meet a fiery end.


Read more of this story at SoylentNews.

07:04

Brazil's Ministry of Justice Asks Google to Deindex Pirate Sites TorrentFreak

Over the past few years, Brazil has worked hard to combat online piracy from various angles.

The Operation 404 campaigns, in particular, have led to numerous takedowns and arrests with the most recent wave taking place last month.

Brazil's Ministry of Justice and Public Security (MJSP) praised the international mobilization which resulted in 11 arrests. In addition, 63 music apps were taken down in the enforcement push, while 128 pirate site domains were blocked by ISPs.

"The objective is the removal of audio and video content, such as games and music, blocking and suspension of illegal streaming websites and applications, de-indexing of content in search engines and removal of profiles and pages on social networks," the Ministry commented at the time.

Google Court Order

These anti-piracy actions have been widely covered in the press, also internationally. Noticeably absent from the many dozens of reports were the details of the sites and apps actually targeted. A few weeks on, we may be able to partially fill this gap.

The Ministry of Justice specifically mentioned that search engines would be required to deindex domain names. We hadn't seen any evidence of that but yesterday Google made note of a court order submitted by Brazilian authorities, which requested the removal of 167 domain names from its index.

These types of government-backed blocking requests are relatively rare. While we can't confirm that these are the exact same domains that were targeted in the latest Operation 404 wave, it certainly would make sense considering the information we have available.

Vizer.tv and Other Targets

Unlike a similar notice, sent by the Ministry of Justice two years ago, the recent complaint doesn't include a copy of the court order. After that time, Google was asked to remove over 200 domains from its search results in Brazil, including The Pirate Bay, 1337x, YTS and Fmovies.

The latest notice targets many lesser-known sit...

06:57

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation Security Affairs

Russian national Denis Mihaqlovic Dubnikov has been sentenced to time served for committing money laundering for the Ryuk ransomware operation.

Russian national Denis Dubnikov (30) has been sentenced to time served for committing money laundering for the Ryuk ransomware group. The man was also ordered to pay $2,000 in restitution.  

On February 7, 2023, Dubnikov pleaded guilty in the U.S. to one count of conspiracy to commit money laundering for the Ryuk ransomware operation. The man was arrested in Amsterdam in November 2021 and was extradited to the US in August 2022.

"According to the indictment, between at least August 2018 and August 2021, Dubnikov and his co-conspirators are alleged to have knowingly and intentionally laundered the proceeds of ransomware attacks on individuals and organizations throughout the United States and abroad," reads the press release published by DoJ in August. Specifically, Dubnikov and his accomplices laundered ransom payments extracted from victims of Ryuk ransomware attacks.

The Russian national received ransom payments from Ryuk operators and along with his co-conspirators used various financial transactions to conceal the ownership and the nature of the laundered proceeds.

According to the investigators, in July 2019, Dubnikov laundered more than $400,000 in Ryuk ransom proceeds. Individuals involved in the conspiracy laundered at least $70 million in ransom proceeds.

According to a joint report published in January 2021 by security firms Advanced-intel and HYAS, Ryuk operators earned, at the time of publishing the analysis, more than $150 million worth of Bitcoin from ransom paid by their victims.

...

05:30

Mesa 23.1-rc2 Released With Initial Batch Of Fixes Phoronix

Eric Engestrom has released Mesa 23.1-rc2 right on time as the newest weekly test candidate for Mesa 23.1 as this quarter's feature update to this set of open-source OpenGL and Vulkan graphics drivers...

05:06

Take a tour of the Edgescan Cybersecurity Platform Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Edgescan. Thanks to the great team there for their support! Edgescan simplifies Vulnerability Management (VM) by delivering a single full-stack SaaS solution integrated with world-class security professionals. Edgescan helps enterprise companies consolidate managing multiple point scanning tools for each layer of the attack...

04:26

+45. If only most of us were so lucky. SoylentNews

So it says at The Register.

NASA's Ingenuity Mars Helicopter was designed to fly just five times, but last week the little rotorcraft that could clocked up its 50th flight in the red planet's thin atmosphere.

Flight 50 departed Airfield Lambda on April 13th and required 145.7 seconds to reach Airfield Mu, a 322-meter flight at a brisk 4.6 meters per second, cruising at a new height record of 18 meters above Martian soil.

On The Register's analysis of NASA's flight log, Ingenuity's records are:

  • Longest duration flight: 169.5 seconds on August 16th, 2021, during flight 12
  • Longest distance: 704 meters on April 8th, 2022, during flight 25
  • Fastest flight: 6.5 meters per second on April 2nd, 2023, during flight 49
  • Total flight time: 5,349.9 seconds, or just over 89 minutes
  • Total horizontal flight distance: 11,546 meters

"When we first flew, we thought we would be incredibly lucky to eke out five flights," said Teddy Tzanetos, Ingenuity team lead at JPL, in a blog post celebrating the 50th flight. "We have exceeded our expected cumulative flight time since our technology demonstration wrapped by 1,250 percent and expected distance flown by 2,214 percent."

The Ingenuity team is now planning a 51st flight to bring the 'copter close to the "Fall River Pass" region of Jezero Crater. Future flights will head towards "Mount Julian," from where the craft will enjoy panoramic views of the nearby Belva Crater, an 800-metre dent in Mars' surface.


Read more of this story at SoylentNews.

03:45

[$] Vanilla OS shifting from Ubuntu to Debian LWN.net

Vanilla OS, a lightweight, immutable operating system designed for developers and advanced users, has been using Ubuntu as its base. However, a recent announcement has revealed that, in the upcoming Vanilla OS 2.0 Orchid release, the project will be shifting to Debian unstable (Sid) as its new base operating system. Vanilla OS is making [...] GNOME desktop environment along with the distribution's reliance on the Snap packaging format. The decision has generated a fair amount of interest and discussion within the open-source community.

03:44

GTK3 Port Of GIMP Is "Officially Finished" Phoronix

The long-awaited port of the GIMP image manipulation program to the GTK3 toolkit is now declared "officially finished"...

03:33

Google fixed the second actively exploited Chrome zero-day of 2023 Security Affairs

Google rolled out emergency security patches to address another actively exploited high-severity zero-day flaw in the Chrome browser.

Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136, in its Chrome web browser.

The vulnerability is an integer overflow in the Skia graphics library; the issue was reported by Clément Lecigne of Google's Threat Analysis Group on April 12, 2023.

A remote attacker who had compromised the renderer process can exploit the integer overflow in the Skia library to potentially perform a sandbox escape via a crafted HTML page.

Google also addressed other vulnerabilities in Chrome; below is the full list published by the company:

  • [$8000][1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
  • [$8000][1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
  • [$3000][1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
  • [$NA][1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
  • [$1000][1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05

"The Stable and extended stable channel has been updated to 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac which will roll out over the coming days/weeks. Linux release coming soon." reads the advisory published by the company. "Google is aware that an exploit for CVE-2023-2136 exists in the wild."

Last week, Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023; the company is aware of attacks in the wild exploiting the issue.

The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8. The vuln...

03:27

Re: ncurses fixes upstream Open Source Security

Posted by Solar Designer on Apr 19

I'm attaching the 5 scripts from there to this message for archival,
as-is (text/plain) and in tar.gz (to avoid any mangling). There's also
Ncurses.pdf, but it's too large for the mailing list because of embedded
screenshots. SHA-256's of these all:

c3b981fad88f17cc201bfa7f4230a348e30b449238e3d3406852691770876eda cost_oob_read.sh
526cde9fc78cb0712c0b725ecea316913f0302194702ebccdf1a1a146f32dac9 gen_terminfo.py...

03:08

RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Open Source Security

Posted by Jonathan Bar Or (JBO) on Apr 19

Yes, now that the cat is out of the bag there's no point - you can find some POCs here (not every find is covered by a
POC, FYI):
https://drive.google.com/drive/u/0/folders/1XZiHbH7W7is8cwTu7DKrpwBTYuYfRZqE

Note not all of them work on Linux - some are macOS focused too.

As for Taviso's remark - obviously using "iprog", "rf" or "if" capabilities can be used maliciously if an attacker is
able to affect...

01:43

For Cybercriminal Mischief, It's Dark Web Vs Deep Web SoylentNews

A new report sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials:

A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials.

Threat actors are consolidating their use of encrypted messaging platforms, initial access brokers and generative AI models, according to security firm Cybersixgill's new report, The State of the Cybercrime Underground 2023. This report notes this is lowering the barriers to entry into cybercrime and "streamlining the weaponization and execution of ransomware attacks."

The study is built upon 10 million posts on encrypted platforms and other kinds of data dredged up from the deep, dark and clear web. Brad Liggett, director of threat intel, North America, at Cybersixgill, defined those terms:

  • Clear web: Any site that is accessible via a regular browser and not needing special encryption to access (e.g., CNN.com, ESPN.com, WhiteHouse.gov).
  • Deep web: Sites that are unindexed by search engines, or sites that are gated and have restricted access.
  • Dark web: Sites that are only accessible using encrypted tunneling protocols such as Tor (the onion router browser), ZeroNet and I2P.

"What we're collecting in the channels across these platforms are messages," he said. "Much like if you are in a group text with friends/family, these channels are live chat groups."

Tor is popular among malefactors for the same reason: It gives people trapped in repressive regimes a way to get information to the outside world, said Daniel Thanos, vice president and head of Arctic Wolf Labs.

"Because it's a federated, peer-to-peer routing system, fully encrypted, you can have hidden websites, and unless you know the address, you're not going to get access," he said. "And the way it's routed, it's virtually impossible to track someone."

Cybercriminals use encrypted messaging platforms to collaborate, communicate and trade tools, stolen data and services partly because they offer automated functionalities that make them an ideal launchpad for cyberattacks. However, the Cybersixgill study suggests the number of threat actors is decreasing and concentrating on a handful of platforms.

Read more of this story at SoylentNews.

01:41

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine The Hacker News

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group's 2022 focus

01:33

Former Director Of National Intelligence Admits That Fauci Lied About Gain Of Function Research cryptogon.com

Via: ZeroHedge: The real reason for the campaign to silence discussion on the Wuhan lab becomes evident as the connections between Fauci, the NIH and the lab are revealed. Elements of the US government including Fauci were in fact bankrolling gain of function research on coronaviruses at Wuhan, and shielding it from government oversight. It [...]

01:26

Rep. Gaetz Resolution Would Make Biden Disclose Number of US Troops in Ukraine cryptogon.com

Via: Antiwar: Rep. Matt Gaetz (R-FL) on Monday introduced a resolution that would require President Biden to disclose the number of US troops inside Ukraine and share all documents outlining US military assistance for Kyiv with the House. If the resolution is passed, it would require President Biden and Secretary of Defense Lloyd Austin to [...]

01:16

U.S. Navy Tests Iron Man-Like Jetpacks cryptogon.com

Via: ZeroHedge: Gravity Industries showcased their Iron Man-like jetpacks at a field training exercise earlier this month in Virginia Beach, Virginia. Gravity worked with the Joint Prototyping and Experimentation Maritime program at Naval Surface Warfare Center to conduct multiple mock exercises with the jetpacks, including rapid transit from shore-to-sea and sea-to-shore missions.

01:15

Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered The Hacker News

The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also

01:07

Noorindoo Plasma UFO? Flashlight? cryptogon.com

I don't know, what do you think? Via: Chris Lehto:

01:00

NVIDIA GeForce RTX 4080/4090: Windows 11 vs. Ubuntu 23.04 Performance Phoronix

For those wondering how the NVIDIA Linux gaming/GPU performance is looking relative to Windows 11, here are some benchmarks using the GeForce RTX 4080 and RTX 4090 graphics cards. Both NVIDIA RTX 40 graphics cards were tested on Windows 11 Pro and Ubuntu 23.04 while primarily focusing on games making use of Valve's Steam Play to reflect current Linux gaming trends as well as featuring some other cross-platform GPU accelerated software.

00:58

Brain Images Just Got 64 Million Times Sharper cryptogon.com

Via: Duke: Magnetic resonance imaging (MRI) is how we visualize soft, watery tissue that is hard to image with X-rays. But while an MRI provides good enough resolution to spot a brain tumor, it needs to be a lot sharper to visualize microscopic details within the brain that reveal its organization. In a decades-long technical [...]

Wednesday, 19 April

23:54

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws Security Affairs

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment.

Russia-linked APT28 group accesses unpatched Cisco routers to deploy malware by exploiting the CVE-2017-6742 vulnerability (CVSS score: 8.8), states a joint report published by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI).

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28's attacks conducted in 2021 that exploited the flaw in Cisco routers.

The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was also involved in the string of attacks that targeted the 2016 Presidential election.

The group operates out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Most of APT28's campaigns leveraged spear-phishing and malware-based attacks.

According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and deploy malware on unpatched Cisco routers.

The Russia-linked APT28 conducted the attacks in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250...

23:07

Melbet On Line Casino Evaluate h+ Media


The format of the app is in orange and black, which is quite soothing to the eyes. You can deposit the sport account utilizing your cellular gadget by way of the game account menu. Besides endless choices concerning video games, there are virtually countless bonus presents as well! Melbet accepts more than 60 fee options for users to make deposits. Some of the frequent ones include Visa, MasterCard, Bank Wire Transfer, Sticpay, Payeer, Bitcoin, Skrill, Cryptocurrencies, and many more. There is no discussion board or FAQ part provided by Melbet that can help the users get solutions to their questions. While Melbet is working onerous to rank as one of the best international casinos, it's going to absolutely take a while for it to achieve that place.

Many on-line casinos run easily on cellular units and this playing web site is one of them. You can entry all MelBet on line casino on-line video games and sports betting options in your mobile browser. To ship 360-degree on line casino entertainment, MELbet hosts a variety of live vendor casino games for Indian players. Streamed from an offsite location in HD, a live supplier on line casino offers the chance of playing your favorite slots and table games in an actual reside on line casino setting.

  • The Slots section supplies for sorting slot machines by suppliers.
  • It takes considerable talent to win 15 WSOP bracelets and almost $23 million in match winnings.
  • This is a mandatory step that must be carried out to have the ability to then make a withdrawal.
  • The app presents advanced performance for users and makes sports betting quicker and simpler.
  • This ensures a totally fair recreation, which means that neither the location nor the sport can stop you from winning or losing something.

Poker is arguably one of the in style card games on the earth, not simply in India. Poker is now greater than just a strategically vital sport played in on-line casinos. It has gone by way of a quantity of phases of improvement, giving rise to its varied variations. Surprisingly, most Indian online casinos have most, if not all, variants of their games lobby. From the 2,000+ video games in our Melbet on line casino in India, there are several which are repeatedly played by our shoppers.

To begin betting in Parimatch out of your smartphone, you have to obtain our app. Two versions of the consumer for Android and iOS have been developed for mobile device customers. With these versions, you presumably can wager on cricket, kabaddi and other sports, get bonuses, use the money register and communicate with assist. And because of the user-friendly interface the app can be utilized even with one hand.

There are plenty of video games made by well-liked global suppliers. Here you can play slots of Novomatic, EGT, Pragmatic Play, Booongo, Playson, Endorphina, Microgaming, and so on. Thousands of s...

23:03

Melbet On Line Casino 2023 h+ Media


Register now to enjoy all the advantages of the playing home. One unique feature of Dragon Tiger is the power to play with live sellers, creating a sensible and genuine ambiance that adds an extra degree of excitement to the game. Melbet offers an exciting and fast-paced gaming expertise with its Dragon Tiger recreation, a well-liked Asian casino sport. With its simple gameplay and beautiful graphics, players can enjoy the thrill of the game from the comfort of their very own properties.

Choose a cost technique and deposit the minimal quantity required to activate the bonus. In addition, the location is licensed by the Curacao Gaming Commission (No. 8048/JAZ), which proves that every game or slot machine on the location undergoes rigorous quality control. This ensures a completely truthful sport, which implies that neither the site nor the game can stop you from profitable or dropping something. Everything is honest, and anyone who has ever tried to play at a casino is certain to win a tidy sum of cash.

  • The graphics and animations are top-notch, transporting players to a virtual casino the place the playing cards are handled precision and the stress within the air is palpable.
  • Additionally, gamers get access to VIP cashback, free spins, and jackpots.
  • Upon profitable registration and a guess with odds of at least 1.50, you will be rewarded with an thrilling Free Bet Welcome Bonus!

It is feasible for withdrawals to take wherever from 7 days to some minutes. It all is determined by how the monetary transaction is completed. Logging in to Melbet casino is straightforward even for inexperienced customers. You only need to enter your password and login to log in to your account. This data is required by the person on the time of making an account.

Terms and conditions could be barely long-winded to read via and they are often quite boring. However, there is some really important information that you should learn about it. Melbet has the most recent model of SSL encrypted software program which runs alongside the again finish of the website. It ensures that each one your private knowledge and funds are totally protected from anything dangerous online. MelBet understands the value of privateness and safety of consumer data and therefore uses robust measures to keep it protected from unauthorised access. If you are a beginner within the betting world, it is a good idea to start out with Melbet.

Melbet presents exclusive bonus provides, sportsbooks, esports, reside casino video games. Sign up at present at Melbet India and earn the opportunity to place stay bets and win real cash. Depositing money just isnt a problem anymore as Melbet additionally accepts Indian cost strategies like Paytm, UPI, and so forth. At Melbet Casino, we try to provide a first-class online gaming destination that delivers an distinctive expertise to players worldwide. Our...

23:03

Melbet India On Line Casino Evaluate h+ Media


MPL Poker takes delight in being one of many largest and most dependable poker networks in India. We are a dedicated group of execs who put our gamers at the centre of every thing we do. As a end result, we attempt to create a poker platform that appeals to a plethora of poker players.

After that, you ought to use all the functions of Melbet bookmaker at any time and in any place. To obtain the app for Android, you want to go to the Mobile applications part on the official Melbet web site. The APK file is quite small, so it is not going to take up much space on your gadget.

To make your gambling expertise as enjoyable as possible, MelBet casino decided to work with varied software program suppliers. All on line casino recreation variations are sorted into completely different categories. You can view the out there choices by your most well-liked software or search the sport directly by typing its name.

However, to obtain this bonus its important that you just place the guess within 30 days of depositing cash into your account. Melbet is an online casino and sports activities betting platform that was founded in 2012. The company began out in the Russian market, but has since expanded to serve prospects in over 40 countries worldwide. Melbets journey to turning into a reputable on-line casino started with a focus on providing all kinds of sports betting options to customers.

  • Previously, anyone thinking about competing in giant poker tournaments had to commute to Goa.
  • It is totally legal to play poker video games for real money in India, offered that the state laws permit enjoying actual cash video games.
  • The platform also offers common promotions, including cashback bonuses and free spins.
  • It is important to review the poker classes at MPL Blog, but youll learn a lot extra should you mix this with precise enjoying time.
  • Temporary promotions are located within the section of the same name, everlasting ones are within the More section.

MelBet uses high-end know-how to protect its users information. It utilizes superior 128-bit SSL Encryption and firewall technology to supply complete safety to the customers. Yes, Melbet accepts players from India, regardless of the region you are residing in the nation. Customer assist for Melbet is obtainable both in the English language and in the Hindi language.

Payment Solutions For Deposits And Withdraw

India has been one of the most important rising markets in recent years, with a inhabitants of over 1.three billion folks, a lot of whom are active pc and smartphone users. It ought to be talked about that OFC poker is often played with four folks, although it might even be performed with as little as two or three gamers. Open-Face Chinese poker differs from different poker variations since it doesnt adhere to any of the usual sport patterns...

23:01

Melbet India Casino Review 2023 Bonus Eight, h+ Media


Melbet offers a self-test questionnaire as well for patrons to evaluate if their spending goes out of hand. Please ensure to ask your self these questions once in a while to play safe and addiction-free. Melbet has its Customer Service doorways thrown open 24 hours a day for the convenience of the gamers. There is an online consultant service on the website itself to help users with issues. Like we already talked about, Melbet is the place for sports fanatics.

All personal and fee data you enter in the utility is encrypted and saved on safe databases. This ensures that theres nearly no risk of leakage. All actions through pages and sections in the software are carried out in a single window.

The same amount of withdrawal strategies can be found as there are for deposit methods. Once again, we extremely counsel that you just select a payment methodology that youve got got used earlier than and that youre conversant in. If youre not conversant in any, then we highly recommend you do some research and skim via the phrases and conditions first. Melbet claimed that their deposits are prompt from the second they go away your private bank account to the second that they hit your casino account. However, be sure to have a good Wi-Fi and sign connection, in any other case, this might slow down the process.

The progressive jackpot part is price exploring if you're on the lookout for bigger banks. This section features a variety of the largest payouts in on-line playing when you can hit a winning mixture, there's a good probability that your payout will be quite excessive. The basketball line at Melbet is one of the most exceptional. Here you will discover bets on the matches of the NBA and Euroleague and more exotic championships. The listing of available markets can be spectacular; it includes bets on the whole, handicaps, individual players' performance, and far more.

Players can get of their cash and out of the on line casino quickly utilizing e-wallets, and there are not any costs by the on line casino. Also, the cost solutions are internationally recognized, with local options that are fast and suitable for Indian gamers. You can access the website on mobile by way of Android, Windows and iOS devices and run the games via an online browser without glitches. This choice needs no obtain, however an app can be utilized for quick gaming when you prefer a dedicated consumer. The casino has a 24/7 reside chat to attend to customer issues, and there is a telephone and e mail service as properly. Players love the casinos vast sports activities betting choice and its thriving live casino option.

  • You can even play other attention-grabbing video games like Killer Clubs and Card Odds, Solitaire or African Roulette.
  • Still, the browser-based model has a number of differences from the downloadable apps.
  • But the...

23:00

Melbet Casino Evaluate h+ Media


In the Bingo game, players can choose their preferred variety of playing cards and adjust the guess size to suit their preferences. The sport options a big selection of completely different patterns and profitable combinations, with the potential for giant payouts and thrilling bonuses. With multiple variations out there, gamers can select their most popular type of gameplay. Overall, blackjack presents a thrilling and entertaining gaming experience with the potential for large wins. Its a must-try for anybody trying to enjoy the pleasure of the Melbet casino from the comfort of their very own house. The graphics and animations are top-notch, transporting players to a digital casino where the playing cards are handled precision and the tension in the air is palpable.

The app is free to download and you can log in and deposit with one click of a button and start taking half in your favorite video games no matter where you may be. No, the gaming options of the cellular and desktop variations of the software program are the identical. From a smartphone you can wager on the matches of the same sport, play the same on line casino slots and the same supplier video games as from a personal laptop. It may be troublesome for Indian gamers to discover a site where they really feel comfy inserting bets for live casino play. Although the MELbet live choice is on the small side, its still large sufficient for any person to enjoy.

If you created your account a minimum of a month before your birthday and paid a minimum of a hundred euros during this time, you could be rewarded with 20 free spins. Members solely offer Next, weve one other provide that you will certainly need to try. MELbet gives each consumer a special token of appreciation if they log into their account either on their birthday or within seven days. The casino presents you with 20 free spins that you have to use on any sport. This date coincides with the rising rise within the recognition of internet casinos. Since this time, MELbets game library has grown substantially.

  • The interface is minimalistic, laconic, and easy to use, even for beginners.
  • The design of the app is dominated by the colours grey, green and yellow.
  • At MPL Poker, you presumably can play all of your favourite poker video games with hundreds of other players 24/7.
  • MMA has turn into one of the most popular sports activities in latest times.
  • Complete your round and your free bets might be awarded 24 hours later.

Many online casinos run easily on cellular gadgets and this playing site is considered one of them. You can entry all MelBet casino on-line video games and sports activities betting choices on your cellular browser. To ship 360-degree on line casino leisure, MELbet hosts a variety of live supplier casino video games for Indian players. Streamed from an offsite location in HD, a stay dealer...

10:00

A Plea from Mike Hoye It Will Never Work in Theory

It's a difficult and vaguely antisocial thing to be dogmatic about but when I ask if there's any research about something I'm asking for actual research. As in, do you know if someone has dedicated months or years of their lives in some empirical pursuit of this question, and what they wrote down. As distinct from the first thing your imagination burped into your inner monologue when your eyes hit the "?".

Trust me, I can make up my own imaginary, uninformed opinions faster than you can type.

Mike Hoye, April 19, 2023

07:20

Try 1xbet Cell Casino Evaluate 2023 Declare Your 1500 Today! h+ Media


The IxBet cellular app is a perfect fit for gamers with smartphones and tablets. The betting and gaming web site has put lots of effort into creating a dedicated App for iOS, Windows, and Android gadgets. 1xBet additionally has a straightforward to make use of browser named the 1x browser that targets Android users. The 1xBet Casino actually began with sports activities betting, which is why theyve greater than 1,000 events every day that clients can wager on. This contains in style sports activities like hockey, ski jumping, water polo, basketball, soccer, and so much extra. On high of that, in addition they supply extra betting opportunities which are available in specific markets because of country-specific occasions.

For occasion, if a daily deposit bonus is 100 percent up to $1,000, a crypto deposit bonus might be 150% as a lot as $1,500, expressed in Bitcoin or one other cryptocurrency. Some NZ bookies settle for multiple cryptocurrencies, together with Bitcoin, Ethereum, Dogecoin, Litecoin, and others. The risk-free wager is usually confused with the free guess, but the two phrases are literally not interchangeable. With a risk-free bet, you might be betting with your own money. In case you win, it is business as usual, but if you lose, the bookie will reimburse you.

You can get an unique 100% bonus that goes as high as $130. To obtain the bonus you need to use the promo code VIP CODE, however keep in mind, this join bonus is out there only for new prospects who register for an account. At first look, its not clear why Betfair wished to open a sportsbook betting workplace because the Betting Exchange has very massive advantages.

And with 1xBet these kind of opportunities become more real. Place bets and win and ensure concerning the reliability and fairness of the 1xBet standard website. The official webpage was created in February 2012, since then it has been operating in throughout the net.

If you ever experience any issue, dont hesitate to contact their customer help service. They are all the time there to solve your queries and provide you with the proper resolution you need. One of the notable issues about 1xBet on line casino is that it provides games from the top game builders in the trade. Currently, the site works with virtually one hundred builders or extra.

We will clarify intimately the 4 bonuses from this list and present what advantages you could get from them. The complete listing of all available currencies could be accessed underneath Taxonomies on the Currency tab. Follow the instructions to make sure you claim your full discount. Im over 19, and I want to obtain the newest updates and promotions. If you need to register for the 1xBet associates program you can do that when you go to partners1xbet.com and click on Registration. It goes with out saying that you should fill all of the fields and...

07:17

Best On-line Casino Games In India 2022 Gambling Video Games h+ Media


As for sports activities betting, 1xBet New Zealand appeals to a broad variety of sports, competitions and markets. 1xBet has a live casino, geared toward those that prefer to enjoy the atmosphere of an actual recreation room with out having to depart home. 1xBet also has a Welcome bonus unique to on line casino, in addition to weekly promotions for individuals who are already registered on the betting site. In addition to the range of video games, bettors can depend on reliable and well-known suppliers in the iGaming market. There are 136 suppliers, including iSoftbet, Microgaming and Pagmatic Play.

The wheel features purple and black pockets which are numbered from 1 to 36. This website provides a high pay-out, which gives you extra chances of profitable. Now comes the half the place you make your first deposit in your account.

Click on it and select essentially the most handy registration method. There are 4 totally different options pertaining to 1xBet registration. The minimum age required is 18 years to play any sport in 1xbet.

There are 87 online Poker video games on the betting site, a fairly high selection. There are completely different modalities of the sport, including probably the most famous, Texas Holdem. 1xBet cell on line casino is a wholly-owned subsidiary of Sergey Korsakov. The parent firm relies in Cyprus and has branches worldwide. 1xBet mobile on line casino is licensed and regulated underneath the legal guidelines of the Government of Curacao. The expansive game lobby in 1xBet cell casino is respected software program providers such as Microgaming and NetEnt.

According to 1xBet Bangladesh betting analysis, the company often supplies customers with good prizes. Mirror web sites possess are equivalent to the native web site. Thus, using a mirror in your cellular system, youll get the similar decisions because the unique bookmakers web site. You can place bets, get promotional provides, play video 1xbet video games and so forth. 1xBet bookmaker presents players an actual opportunity to win prizes worthy.

To examine if a wager has cashout, you have to confirm the guess. Then examine in your betting section if there is the choice to promote the e-newsletter. Following the market development, this home offers bets on eSports . The victorious gambler 1xBet , Mukhazhan Therefore, if there were any fears that your wins at 1xBet would not be rewarded, youll have the ability to relaxation assured.

They enable the player to obtain bonuses inside the type of cash or free bets. On this net web page, you can see the simplest 1xBet promo code bookmaker bonus codes and uncover ways to make use of them. Users of this site will get pleasure from a prime quality material in regards to the casinos.

The casino presents various sports betting opportunities, lottery games, and numerous casino games, wi...


Resource generated at IndyWatch using aliasfeed and rawdog