Why would Humane delay an OTA update to give access to the device just because a small group of users are using an access certificate? You are punishing the entire class just because one student kept on talking.

I don’t trust this company. They have been lying to their users from the very beginning.

Imagine the US government restricting the First Amendment and every branch of government just lets it happen.

What YouTube killed are YouTube instances by limiting the number of request per IP address.

“Thank you, Larry McVoy” by Richard Stallman

If WP Engine contributed nothing, then why steal their custom fields plugin?

🤔

He works for the USA. The government isn’t allowed to hinder free speech ESPECIALLY criticism of the government. That’s the main reason why it was there in the first place.

Why did Jimmy Carter sell his peanut farm but Elon Musk get’s to keep his propaganda machine?

Even though Google Search is turning to crap, most people would still choose Google Search if prompted to choose a search engine.

As for Google Play Store integration, this might lead to Android phones having to choose a store in install like picking a browser for Windows.

Agreed. A massive overhaul just introduces more problems. I wish they did the same with the OS updates.

I miss the days US politicians took the effort to hide where their international illegal campaign contributions came from.

I’m shocked they are this sloppy.

I guess we will see if “there’s no such things as bad publicity” works out for them.

That’s the perfect representation of a government agency trying to create rules for other government agencies.

The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.

The vulnerability allows a user with standard privileges to execute code within the Fusion application.

that makes sense. Thank you.

No negatives listed on the Wiki page. Are there any? Does potting increase the likely hood of overheating?

Since this is an offshoot of BlackCat, some experts say exploits in remote access software.

Microsoft creating security issues for not only their own operating systems but the operating systems of others.

Looks like regular PHP.

builtwith

Especially since backend web frameworks do all this for you.

New Tickler malware used to backdoor US govt, defense orgs

By Sergiu Gatlan August 28, 2024 02:36 PM

The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates.

As Microsoft security researchers observed, the threat group (also tracked as Peach Sandstorm and Refined Kitten), which operates on behalf of the Iranian Islamic Revolutionary Guard Corps (IRGC), used this new malware as part of an intelligence collection campaign between April and July 2024.

Throughout these attacks, the threat actors leveraged Microsoft Azure infrastructure for command-and-control (C2), using fraudulent, attacker-controlled Azure subscriptions that the company has since disrupted.

APT33 breached targeted organizations in the defense, space, education, and government sectors following successful password spray attacks between April and May 2024. In these attacks, they attempted to gain access to many accounts using a small number of commonly used passwords to avoid triggering account lockouts.

“While the password spray activity appeared consistently across sectors, Microsoft observed Peach Sandstorm exclusively leveraging compromised user accounts in the education sector to procure operational infrastructure. In these cases, the threat actor accessed existing Azure subscriptions or created one using the compromised account to host their infrastructure,” Microsoft said.

The Azure infrastructure they gained control of was used in subsequent operations targeting the government, defense, and space sectors.

“In the past year, Peach Sandstorm has successfully compromised several organizations, primarily in the aforementioned sectors, using bespoke tooling,” Microsoft added.

The Iranian threat group also used this tactic in November 2023 to compromise the networks of defense contractors worldwide and deploy FalseFont backdoor malware.

In September, Microsoft warned of another APT33 campaign that had targeted thousands of organizations worldwide in extensive password spray attacks since February 2023, leading to breaches in the defense, satellite, and pharmaceutical sectors.

Microsoft has announced that starting October 15, multi-factor authentication (MFA) will be mandatory for all Azure sign-in attempts to protect Azure accounts against phishing and hijacking attempts.

The company has previously found that MFA allows 99.99% of MFA-enabled accounts to resist hacking attempts and reduces the risk of compromise by 98.56%, even when attackers attempt to breach accounts using previously compromised credentials.