Mar 18, 2025The Hacker NewsAuthentication / Identity SecurityWhile Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts.Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data.While Okta provides robust native security features and recommended best practices, maintaining proper security controls requires constant vigilance. Configuration drift, identity sprawl, and misconfigurations can provide attackers a way into Okta and other apps if left unchecked.This article covers four key ways Nudge Security can help you proactively secure Okta as part of your efforts to harden your identity security posture.1. Continuous Configuration MonitoringEven if you have enabled all of the native security features in Okta and followed their security best practices guidelines, configuration drift can happen over time.As part of its comprehensive SaaS security posture management capabilities, Nudge Security continuously monitors your Okta environment and alerts you if you've drifted away from security best practices or if the native security features are not enabled. You'll be alerted to configuration risks like:Excessive session lifetime limitsDisabled threat detection functionalityMissing behavior detection settingsDisabled threat insights functionality2. Identity Risk DetectionAs roles and responsibilities change and users join and leave the organization, you can end up with forgotten accounts and users with admin privileges that are no longer appropriate. Nudge Security continuously scans for these risks and notifies you of findings like:Inactive privileged accountsAdmin accounts with weak or missing MFAAdmin sprawlFormer employees with lingering accessInactive accounts and those that have never logged in3. Ensure Secure Access to OktaGiven Okta's important role in securing access to business critical systems, attackers know that if they can gain access to Okta, they can often make their way into other systems with valuable data. Nudge Security helps maintain proper Okta account security by continuously:Ensuring MFA is required for enrollmentEnforcing strong password policiesDiscovering OAuth grants and API tokens that grant access to OktaDetecting logins from multiple Okta users from the same device4. Streamlined RemediationIt's one thing to get alerted of security gaps, but yet another to ensure they are resolved. And, prioritization is critical to ensure that the most significant risks are mitigated first. When security issues are detected, Nudge Security doesn't just raise alerts - it enables efficient resolution through:Risk-based prioritization of findingsDetailed context and recommended actions for each findingAutomated remediation workflows that engage the appropriate stakeholdersProgress tracking on remediation effortsTake the Next StepSecuring your Okta environment requires ongoing attention and proactive management. By implementing Okta security best practices, organizations can better protect their critical identity infrastructure and reduce the risk of security incidents.Nudge Security provides the continuous monitoring, automated detection, and streamlined remediation capabilities needed to maintain a strong security posture for Okta and your other business critical SaaS apps.Start your free 14-day trial here.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Mar 18, 2025Ravie LakshmananCyber Espionage / MalwareThreat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL.The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in Osaka, Japan, next month.The activity has been codenamed Operation AkaiRy (Japanese for RedDragon). Active since at least 2019, MirrorFace is also referred to as Earth Kasha. It's assessed to be a subgroup within the APT10 umbrella.While known for its exclusive targeting of Japanese entities, the threat actor's attack on a European organization marks a departure from its typical victimology footprint.That's not all. The intrusion is also notable for deploying a heavily customized variant of AsyncRAT and ANEL (aka UPPERCUT), a backdoor previously linked to APT10.The use of ANEL is significant not only because it highlights a shift from LODEINFO but also the return of the backdoor after it was discontinued sometime in late 2018 or early 2019."Unfortunately, we are not aware of any particular reason for MirrorFace to switch from using LODEINFO to ANEL," ESET told The Hacker News. "However, we didn't observe LODEINFO being used throughout the whole 2024 and so far, we haven't seen it being used in 2025 as well. Therefore it seems, MirrorFace switched to ANEL and abandoned LODEINFO for now."The Slovakian cybersecurity company also noted that Operation AkaiRy overlaps with Campaign C which was documented by Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) earlier this January.Other major changes include the use of a modified version of AsyncRAT and Visual Studio Code Remote Tunnels to establish stealthy access to the compromised machines, the latter of which has become a tactic increasingly favored by multiple Chinese hacking groups. The attack chains involve using spear-phishing lures to persuade recipients into opening booby-trapped documents or links that launch a loader component named ANELLDR via DLL side-loading that then decrypts and loads ANEL. Also dropped is a modular backdoor named HiddenFace (aka NOOPDOOR) that's only used by MirrorFace."However, there are still a lot of missing pieces of the puzzle to draw a complete picture of the activities," ESET said. "One of the reasons is MirrorFace's improved operational security, which has become more thorough and hinders incident investigations by deleting the delivered tools and files, clearing Windows event logs, and running malware in Windows Sandbox."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Toxic workplaces have been a prevailing theme in the zeitgeist for decades -- the phrase was first used in a 1989 nursing leadership guide. Discussion of workplace dissatisfaction reached a fever pitch with the advent of social media. Disgruntled workers took to the web, sharing their experiences of abusive managers, unrealistic expectations, grueling hours -- and a plethora of more minor complaints as well.Thus, it might be argued, the meaning of the term has been diluted. Surely, there are differences between being regularly berated by a supervisor for insignificant infractions or refusals to acknowledge an employees personal commitments and the occasional request for overtime or expectations of inconvenient social conventions.Even if the intended meaning has drifted, the discourse on workplace toxicity has identified a range of prevailing tendencies that have severe consequences both for employees and the organizations they work for. Cybersecurity is no exception -- and toxicity appears to be particularly pernicious in this profession for a variety of reasons.It is likely exacerbated by the cybersecurity shortage -- small teams are expected to carry heavy workloads, and their managers bear the brunt of the consequences for any failures that occur. This zero-failure mentality results from a siloed structure in which cybersecurity professionals are isolated from other parts of an organization and expected to carry the entire burden of protection from attacks without any assistance. Individuals are blamed for events that in reality result from institutional failures -- and those failures are never addressed.Related:This is exacerbated by a general lack of people skills among managers and poorly executed communication. These factors lead to a bullying managerial culture, demoralized staff, burnout, high turnover rates -- and ultimately, a greater likelihood of breaches.Here, InformationWeek looks at the factors contributing to toxic cybersecurity environments and the steps that CISOs and other IT leaders should take to correct them, with insights from Rob Lee, chief of research at cybersecurity training company SANS Institute; and Chlo Messdaghi, founder of responsible AI and cybersecurity consultancy SustainCyber.Tech Over PeopleOne of the first organizational mistakes that can lead to toxicity in the cybersecurity workforce in an emphasis on packaged solutions. Slick marketing and fast-talking salespeople can easily lead anxious executives to purchase supposedly comprehensive cybersecurity packages that offer assurances of protection from outside attackers with very little work or additional investment. But even the most well-designed package requires maintenance by cybersecurity professionals.Related:Ninety percent of the cybersecurity market is product based, Lee says. You can have an amazing Boeing strike fighter, but you still need a pilot to run it.The failure to understand the demands of this work can lead to underfunded and understaffed departments expected to keep up with unrealistic expectations. CISOs are thus compelled to pressure their employees to perform beyond their capabilities and toxicity soon results.Siloed SecurityEven in cases where cybersecurity teams are reasonably funded and given a degree of agency in an organizations approach to protecting its assets, their efficacy is limited when the entire burden falls to them. If an organization does not implement top-down practices such as multi-factor authentication and education on phishing scams, it regularly falls to the cyber team to clean up preventable messes. This can shift focus from other proactive measures.There are conflicts when the organization is trying to enable innovation and freedom, Lee says. Security still has to do monitoring and restrict access.Related:Siloes develop within cyber teams themselves, too. Teams focused on compliance, risk assessment, and operations may have very different priorities. If they are not in regular communication, those priorities cannot be reconciled. This leads to further conflict and inefficiency.Resources Versus RealityThe availability of both staff and funding can negatively affect a cybersecurity work environment. Tiny teams faced with massive defense tasks are likely to feel overburdened and underappreciated, even under the best management. Understaffed cyber teams are frequently the result of underfunding.Chlo Messdaghi, SustainCyberChlo Messdaghi, SustainCyberWhen you go to like the board or the executive team, theyll say No, its not needed. We don't need more funds, Messdaghi relates. They dont understand why security is important. They see it as setting money on fire.One study found that cybersecurity budgets were only expected to increase by 11% from 2023 to 2025 despite the exponential rise in threats, putting the onus on already strained cybersecurity teams to make up the difference. These unrealistic expectations are likely to lead to employees being burned out.But that is not the whole picture: Burnout also comes from bad leadership. Burnout is not caused by the amount of work you have. Its about leadership and a lack of communication, Messdaghi argues.Toxic Personalities in ManagementToxicity trickles down -- from management to the most junior of employees, no matter the industry. This appears to be particularly true in cybersecurity. One of the worst traits in upper management appears to be apathy -- simply not caring much about cybersecurity at all.This can lead directly to underfunding or band aid solutions that leave teams scrambling to compensate. These types of executives dismiss admonitions to implement password security procedures and phishing tests across the organizations, considering them to be meaningless exercises.When cyber teams do raise relevant issues with management, they may be dismissed or treated as irritations rather than people who are attempting to do their jobs. Further, when errors do occur, they are pinned squarely on these underfunded and understaffed teams.Cybersecurity team leaders themselves can contribute to toxic environments, even if upper management is supporting solid practices. Micromanaging employees, publicly or privately abusing them with demeaning or profane language and refusing to listen to their concerns can lead to disengagement, adversarial relationships and decreased performance.Research has identified such managers as petty tyrants, so involved with their own sense of importance in the organizational scheme that they feel entitled to these behaviors. Their behaviors may more directly affect their subordinates due to the small size of many cyber teams -- their toxicity is not diffused across many employees and their handful of subordinates bear the brunt.These behaviors may be further exacerbated by the shortage of skilled cybersecurity employees -- someone who is able to manage a team on a technical level remains valuable even if they lack people skills and do so in an abusive fashion.And some leadership toxicity may simply be the result of managers not being enabled to do their jobs. CISO burnout is extremely real, Lee says. There are a lot of people saying, Im never doing this job again.When good managers leave due to toxicity from their superiors, the effects can be devastating for the entire organization. Theyll take half the team with them, Lee says.Toxic Tendencies in Cyber TeamsAs poisonous as the behaviors of executives and managers can be, some of the toxicity in cybersecurity workforces can come from within the teams themselves.A prevailing toxic tendency is the so-called hero complex -- highly skilled employees shoulder enormous workloads. This can lead to resentments on both sides of the equation. The hero may resent what they perceive to be an unfair burden, carrying the weight of less-invested employees. And other employees may resent the comparison to heroes, whose work ethic they feel unequipped to match. Some heroes may become bullies, feeling entitled to push others out of their way in an effort to get their work done, and others may feel bullied themselves, forced to shoulder the consequences of the incompetence of their colleagues.This personality type may be prevalent in cybersecurity teams due to the history of competition in the industry, beginning with early hackers. Hierarchies based on achievements -- such as medals -- have been reinforced by the entry of ex-military members into the workforce.The prevalence of these personality types has, likely unintentionally, led organizations to feel comfortable with understaffed cybersecurity departments because the work does ultimately get done, even if it is only by a few people working under unsustainable pressures. But it also creates single points of failure: When one hero finally slips up, the whole enterprise comes crashing down.Blaming and ShamingBlaming individuals for security events is a hallmark of toxic cybersecurity culture. While events can often be traced to a single action by an employee, those actions are typically the result of a defective system that cannot be attributed to one person.The zero-intrusion mindset that prevails among executives who do not understand the cybersecurity landscape can exacerbate the blame game. Intrusions are a near inevitability, even in scrupulously maintained environments. Coming down on the people who are responsible for containing these events rather than congratulating their effective work at containing them is going to result in resentment and anger.Rob Lee, SANS InstituteRob Lee, SANS InstituteTheres this assumption that someone did something wrong, Lee says. There are no medals awarded for stopping the intrusion before it does something devastating.This type of behavior can have even further consequences. Employees who know they will be excoriated if they make a mistake or have been faulted for the mistakes of others are likely to conceal an error rather than bring to the attention of their superiors, which is likely to make a potential breach even worse.There are always going to be people who are curious and want to work on improving themselves, Messdaghi observes. And then youre going to have people who are going to blame others for their wrongdoings.Effects on EmployeesToxic cybersecurity environments can have substantial effects on the physical and mental health of employees. Stress and anxiety are common, in some cases leading to more severe consequences such as suicidality. One study of the industry found that over half of respondents had been prescribed medication for their mental health. Conflicts, infighting and bullying can increase in a vicious feedback loop according to research by Forrester.These factors can result in apathy toward the job, leaving the team and eventual exit from the industry entirely. Nearly half of cyber leaders are expected to change jobs this year according to a 2023 Gartner report. Simultaneously, unrealistic performance expectations lead to further staffing problems. There may be little interest in entry level employees due to their perceived lack of skills even as more experienced staff head for the door.And stress is only growing -- 66% of cybersecurity professionals said their job was more stressful than it was five years ago according to a 2024 survey.Risks Created by ToxicityAccording to a study by Bridewell, 64% of respondents to a survey of cybersecurity professionals working in national security infrastructure saw declines in productivity due to stress.The apathy, annoyance, stress, and eventual burnout that result from toxic cybersecurity workplaces create prime conditions for breaches. Errors increase. Team members become less invested in protecting organizations that do not care about their well-being. Rapid turnover ensues, decreasing team stability and the institutional knowledge that comes with it.A 2024 Forrester report found that teams who were emotionally disengaged from their work experienced almost three times as many internal incidents. And those that lived in fear of retribution for errors experienced nearly four times as many internal incidents. These conditions exacerbated the risk of external attacks as well.Fixing the ProblemAddressing toxicity in cybersecurity is a tricky proposition -- not least due to the vagueness of the term. Distinguishing toxicity from acceptable workplace pressures is highly subjective.CISOs and IT leaders can institute a number of practices to ensure that cyber teams are getting the resources and support they need. Regular meetings with superiors, anonymous surveys and open conversations can elicit useful feedback -- and if that feedback is actually implemented, it can create more positive and productive conditions.Even the best cyber managers can only do so much to address unrealistic pressures and failures across the organization that result in risk. If resources and time are not allocated appropriately, toxicity is likely to fester despite the best efforts of everyone involved.People who are open and good communicators -- these are the best qualities I see, Messdaghi says. They dont need to be super technical. They just need to just be there to support the employees and get them what they need.

Like foreign student exchange programs, a regular exchange program betweentheITteamand end user departmentsin which an IT business analyst spends six weeks in an end-user area doing end- user work, and a person from the end-user area spends six weeks in IT, canbuild bench strength and collaborative relationships between IT analysts and business users.Yetmanywho have tried this idea have exited with mixed results. What are thepitfalls, and is there a way to run an employee exchange program that delivers quality outcomes for everyone?First, WhyDo it?Cross-disciplinary team building and the development of empathy andunderstanding of the business and ITacross departmentsare the driving forces behind user-IT employee exchanges. Youcantteach practical company business acumen to IT staff withtextbooksand college courses. IT needs boots on experience in user departments, where business analysts directly experience the day-to-day process problems and pain points that users do.End users who take a tour of duty in IT have a chance to see the other side, which must plan carefully about how to integrate and secure software, while users complain that application deployments are taking too long.On paper, there is virtually no one in userdepartmentalor IT management whothinksthat employee exchange is a bad idea.So,why havent these exchanges been widely embraced?Related:PitfallsThere are several reasons why employee exchanges between users and IT have faltered:1. The time commitmentWhetheryoureinIT or end-user management, exchanging an employee who is fully trained in your department for another employee who will be a trainee,at best,is not an easy sacrifice to make. There are projects and daily work toaccomplish. Can your department afford an employee exchange that could compromise productivity when you might already be running lean?2. Lack of management commitmentThe user-IT employee exchange starts out strong, with both user and IT management highly enthusiastic about the idea. Then, an unexpected priority comes up on either the user or IT side, and the manager who is affected says, Imsorry.Imgoing to have to pull back my employee from the exchange because we have this important project to get out.Iveseen this scenario happen. Employees get pulled out of the exchange program, and in good faith their managers try to reengage them in the exchange once a crisis has been resolved, but the continuity of the exchange has been interrupted and much of theinitialeffort is lost.Related:3. Failure to set attainable goalsOften, users and IT will agree to an employee exchange with a loose goal of immersing employees in different departments so employees can gain a better understanding of the company.The employees, and those whom they work with in their new departments, arent really sure about what they should be focusing on.When the exchange period ends, no one is exactly sure about what knowledge has been gained, and theycantexplain it to upper management, either.4. Lack offollow upDid the employees in the exchange come back with value-added knowledge that is aiding them in new projectsthatthey are doing? Most managers I speak with who have done these exchanges tell me thattheyrenot sure.One way to be sure is to check in with employees after they complete exchanges to see whattheyrelearned, and howtheyreapplying this new knowledge to their work. For example, if an IT employee goes to accounting to learn about risk management and works six weeks with the risk group, does the employee come back with new knowledge that helps them develop more insightful analytics reports for thatgroup?5. Lack of practicalknow-howLack ofknow-howin running employee exchanges goes hand in hand with the failure to set attainable goals,or to follow up.The managers who are best in these areas are individuals who have backgrounds in teaching and education, but not everybody does.Related:When you exchange employees for purposes of knowledge transfer and growth of business understanding, setting goals and staying with and following up the process are fundamental to execution. Unfortunately, many managers who try exchanges lack skills in these areas.6. Employee transfer requestsMany managers fear that the employees they send to other departments might like the work so well that they request a permanent transfer! This is a major fear.Doing anEmployeeExchangeGiven the pitfalls,itssmall wonder that employee exchange programsarentaggressively pursued,but thatdoesntmean that theydontwork.Wheredothey work?1. Companies that want to improvetheiremployee retentionSeveral years ago, a major appliance manufacturer offered an internal program where employees could sign up for projects outside of their regular businessareas andget time to work on the projects. Other companies have followed suit. This outside of the department work unlocked employee creativity and career growth opportunities. It improved employee morale, which in turn reducedemployee churn. In 2024, overall employee churn at US companies was at 20%, orone in five employees. With a tight job market, companies want to reduce churn, and expanding employee work experiences and knowledge is one way to do it.2. Organizations thatrequirecross-trainingThe military is a prime example of this. Recruits are trained in a variety of different functional areas todeterminewhere theybestexcel.3. Not-for-profit entitiesCredit unions and other not-for-profit entities have historically been great proving grounds for employee exchange programs because of their people orientation. Upper and middle managers are genuinely committed to the idea of employee growth through cross-training. The not-for-profit culture also promotes resource sharing, so managers are less resistant to the idea that they could lose a valuable employee to another department because the employee likes working there.4. When clearobjectivesare set, andfollow-upis doneAn employee exchange requires clearobjectivesto succeed atan optimallevel. For example, youdontsend an IT staffer over to accounting to learn clerical processes of closing the month-end financials and reporting them to management. Ifitstaking finance three days to do the month-end close, you send an IT employee over to learn the process and the process obstacles, and todeterminewhyitstaking finance three days instead of one day to do the close. The hope is that the employee returns to IT and works on the tech side of the process so the month-endclosingcan be done in one day. That'sa clear business win.SummaryFor managers who are uncomfortable with employee exchanges, it might be best not toattemptthem. But for those who can see the benefits of these exchanges, and who can answer a solid yes to their commitment levels, employee exchanges can work extraordinarily well for everyone involved.

We seek an experienced Staff Python Software Engineer to join our fully remote team. In this role, you will be part of the squad responsible for developing and maintaining our Python client libraries-APIs for logging and querying model-building metadata. As a key contributor, you will shape their architecture, optimize performance, and ensure seamless integration with machine learning workflows. This role requires a deep understanding of Python, user-friendly API design, and performance optimization to deliver a robust and scalable experience for our users.Our tech stack (the bigger the overlap, the better):Languages: Python.Cloud platforms: Microsoft Azure, Google Cloud Platform (GCP).Others: Protobufs, gRPC, Swagger.Responsibilities:Develop and Maintain the Python Client Library: Contribute to the design, development, and maintenance of our Python API for logging and querying model-building metadata.Code Quality & Reviews: Ensure high-quality, maintainable, well-documented code through active development and rigorous code reviews.Technical Leadership: Drive 1-2 key initiatives, working closely with 3-5 engineers to ensure smooth execution, clear task breakdowns, and effective communication of progress and challenges.Architecture & Performance Optimization: Design scalable and efficient solutions for API interactions, ensuring high performance and reliability in large-scale ML workflows.Innovation & Best Practices: Identify and propose enhancements to the Python client library and its surrounding ecosystem to improve user experience and performance.You might be a fit if you have:Minimum of 6 years of professional software development experience.Strong proficiency in algorithmic thinking and problem-solving.Passion for performance optimization, both on architecture & component level.Concise and logical communication, both written and verbal.Ability to balance business goals with technical purity, especially when adapting to high-paced, shifting priorities.Experience in user-friendly API design.Experience in leading 3-5 people engineering teams.We offer:Flexibility: 100% remote work with offices (co-works) in Warsaw/Wrocaw/Pozna/Krakw available and flexible working hours;Share in our success: Participate in the Employee Stock Option Plan and be part of our growth journey;Time off: 20 paid service-free days per year;Ownership and impact: Space to take action, bring your ideas to life, and make a real impact.Apply NowLet's start your dream job Apply now

Charterhouse, LondonWright & Wright Architects has been selected to upgrade the Grade I-listed Charterhouse almshouse and heritage site in central London The London practice was selected ahead of applications by Feilden + Mawson, Mae, Matthew Lloyd Architects and Purcell. There were 38 expressions of interest for the work and 22 prequalification submissions.Wright & Wright will initially work with the Charterhouse Estate on the 2 million Wash House Court project, which will boost almshouse provision within the 4.5ha Tudor complex so it can house up to 50 residents.The team will also assist with the next phase, a site-wide masterplan for the former Carthusian monastery, developing a concept for a Centre of Excellence of Geriatric Care and readdressing the use of the existing infirmary.AdvertisementPractice founding partner Clare Wright said: We are absolutely delighted to have been selected by the Charterhouse because their project combines two of our particular design interests: the development of exemplary, contemporary provision for the elderly [and] sensitive adaptation in one of the oldest and most beautiful settings in the City of London.Project management lead Tom Billington said: All parties put forward compelling submissions from experienced teams. Ultimately the decision was made to go with the team from Wright & Wright as they showcased the best understanding of the challenges the Charterhouse faces in its day-to-day operations and how an ageing population will require different types and standards of care throughout different chapter of their life.This, coupled with their suggestions of how to make delicate interventions into the grade I listed fabric whilst keeping sustainability and later living in mind was what won them the work.We have been delighted with the work carried out so far as they have continued in the same diligent and conscientious manner that they put forward through the competition process.The Charterhouse almshouse complex, in the centre of Clerkenwell, was formerly a Carthusian monastery and later a school. The 3ha site is open to the public for tours and for chapel and museum visits.Advertisement2025-03-18Merlin Fulchercomment and share

The practice submitted its plans for the Grade II*-listed headquarters in late February, three years after winning a competition to overhaul the 90-year-old George Grey Wornum-designed 66 Portland Place building.Westminster City Council will now rule on the proposals, part of a larger 85 million investment that also includes upgrades in the RIBAs collections and technology systems.66 Portland Place is set to close for three years from the end of May before reopening in 2028.AdvertisementBenedetti's scheme will improve accessibility by replacing the revolving glass door on the main entrance with a more accessible entrance for blind visitors, as well as less steep wheelchair ramps and new steps. Meanwhile, a separate entrance on Weymouth Street will be introduced for a proposed caf replacing the current bookshop with pavement seating to encourage public use of the building.The bookshop will relocate to be more public-facing towards Portland Place on the north-west corner of the ground floor. The main exhibition space will move upstairs, with the existing ground-floor gallery remaining untouched.The introduction of larger lifts aims to provide universal access to all of the buildings 28 levels, many of which can only be reached by stairs. A generously sized entrance to the library, matching original Wornum features inside the building, will further increase accessibility.The refurbishment also addresses inefficiencies in the plumbing and electrical systems, removing fossil-fuel-dependent systems to meet the RIBA and Westminster City Council's climate targets. Heritage single-glazed windows will be largely retained, with secondary glazing introduced elsewhere.AdvertisementOther aspects include restoring the Jarvis Foyer, a 400-seat hospitality space, and more display space for architectural models and drawings. Meanwhile, banners originally proposed for the entrance have been dropped on the advice of Westminster Council following a consultation last summer. Source:Benedetti/RIBA RIBA chief executive Valerie Vaughan-Dick said the schemes submission for planning as the next step in our House of Architecture transformative programme that will focus on RIBAs architectural collections, upgrades to digital technology, and sensitive, essential refurbishment and restoration of 66 Portland Place in London to make it more accessible, functional, sustainable and welcoming.Support has been clear for the scheme and our overall House of Architecture ambitions. Feedback from our consultations has been supportive of the proposed internal improvements and external aspects and has seen us take into consideration some adjustments from the original proposals.'The wider RIBA strategy includes emerging plans for a new collections facility on a site away from Portland Place.RIBA president Muyiwa Oki told the AJ in September that a committee was being set up to oversee the move of the collection out of the Victoria and Albert Museum in South Kensington. He said the RIBA was negotiating with the museum to extend a deal to host the RIBAs main collection beyond the current agreement of 2027.RIBA board chair Jack Pringle told the AJ in March that the House of Architecture wasa transformative and urgently needed programme to secure RIBAs future prosperity and sustainability.He added that the systems at 66 Portland Place are at the end of their lives and that a reimagined RIBA will be better equipped to support our members and to show the world the value that architects bring to tackling the biggest challenges facing our planet.Previous RIBA president Simon Allford used his first council meeting as president in 2021 to pledge to properly invest in this building and make it an exemplary net-zero carbon facility as well as a better place for engaging the public, government and ourselves. Before stepping down as president, he told the AJ the scheme was not a vanity project; we do not have a choice.Benedetti was selected for the job in 2022 following an RIBA-run competition. Also shortlisted were David Kohn Architects, Belfast-based Hall McKnight, Roz Barr Architects, a collaboration between Freehaus with Donald Insall Associates, IDKHugh Broughton Architects, and a collaboration between Feix&Merlin with Haptic Architects & Heritage Architecture.66 Portland Place was built in 1934 and has undergone piecemeal upgrades throughout its history, most recently with the addition of a Hayhurst & Co-designed learning centre and a Carmody Groarke-designed gallery.The RIBA said it would look to fundraising and sponsorship to pay for the House of Architecture and that the funding strategy [was] not linked to member fees.The refurbishment had a notional budget of 20 million when the competition to find an architect was launched in 2022. Source:Benedetti/RIBABenedetti's submitted RIBA House of Architecture refurb (Feb 25)

Commentary: Apple's iPhone 17 cameras need to impress when the phone launches later this year. This is how they can.

Do vibration plates actually do anything or help you lose weight? We spoke with experts to find out.

One of gaming's most memorable tunes is now available on Nintendo MusicTetris drops onto soundtrack app.Image credit: Nintendo News by Tom Phillips Editor-in-Chief Published on March 18, 2025 You've heard it in your dreams - the soundtrack to Tetris is now available on the Switch Online subscription's Nintendo Music app.Almost 30 music tracks from the Game Boy and NES versions of Tetris are now available to stream, if you're a Nintendo Switch Online subscriber.Who knew Tetris had so many tunes? For so many of us, the game's main theme is all you need - and it's a banger. To see this content please enable targeting cookies. The Internet's WILDEST Theories - What Does the Nintendo Switch 2 C Button Do? Watch on YouTubeThis week's bumper Nintendo Music update also brings a third set of songs to the service, from Dr Mario on the NES - which has its own another catchy melody.But nothing beats that classic Tetris track, remixed and resampled countless times over the years in other Tetris sequels, such as the Switch's own Tetris 99 and the brilliant Tetris Effect Connected.Remember that, if you're a Switch Online subscriber, you can download the Nintendo Music app on your iPhone or Android device at no extra charge. Eurogamer has a full list of every soundtrack already available on Nintendo Music, with thousands of songs from franchises such as Mario, Zelda and Pikmin.The full track listing for this week's Nintendo Music update lies below:Tetris (NES)Music-1Music-1: DangerMusic-2Music-2: DangerMusic-3Music-3: Danger25 Lines ClearedEndingName EntryTetris (Game Boy)Title ScreenA-Type (Early Version)A-TypeB-TypeC-Type25 Lines ClearedEnding: High 0Ending: High 1Ending: High 2Ending: High 3Ending: High 4Ending: High 5Rocket LaunchGame OverName Entry2 Player: Danger2 Player: Intermission2 Player: Final ResultsDr Mario (NES)Title ScreenSelection ScreenFeverFever ClearChillChill ClearGame Over Vs. Game OverLevel 20 Low Clear & EndingLevel 20 Hi Clear (UFO) & Ending