Nov 21, 2024Ravie LakshmananArtificial Intelligence / Software SecurityGoogle has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library."These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," Google's open-source security team said in a blog post shared with The Hacker News.The OpenSSL vulnerability in question is CVE-2024-9143 (CVSS score: 4.3), an out-of-bounds memory write bug that can result in an application crash or remote code execution. The issue has been addressed in OpenSSL versions 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, and 1.0.2zl.Google, which added the ability to leverage large language models (LLMs) to improve fuzzing coverage in OSS-Fuzz in August 2023, said the vulnerability has likely been present in the codebase for two decades and that it "wouldn't have been discoverable with existing fuzz targets written by humans."Furthermore, the tech giant noted that the use of AI to generate fuzz targets has improved code coverage across 272 C/C++ projects, adding over 370,000 lines of new code."One reason that such bugs could remain undiscovered for so long is that line coverage is not a guarantee that a function is free of bugs," Google said. "Code coverage as a metric isn't able to measure all possible code paths and statesdifferent flags and configurations may trigger different behaviors, unearthing different bugs."These AI-assisted vulnerability discoveries are also made possible by the fact that LLMs are proving to be adept at emulating a developer's fuzzing workflow, thereby allowing for more automation.The development comes as the company revealed earlier this month that its LLM-based framework called Big Sleep facilitated the detection of a zero-day vulnerability in the SQLite open-source database engine.In tandem, Google has been working towards transitioning its own codebases to memory-safe languages such as Rust, while also retrofitting mechanisms to address spatial memory safety vulnerabilities which occur when it's possible for a piece of code to access memory that's outside of its intended bounds within existing C++ projects, including Chrome.This includes migrating to Safe Buffers and enabling hardened libc++, which adds bounds checking to standard C++ data structures in order to eliminate a significant class of spatial safety bugs. It further noted that the overhead incurred as a result of incorporating the change is minimal (i.e., an average 0.30% performance impact)."Hardened libc++, recently added by open source contributors, introduces a set of security checks designed to catch vulnerabilities such as out-of-bounds accesses in production," Google said. "While C++ will not become fully memory-safe, these improvements reduce risk [...], leading to more reliable and secure software."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Nov 21, 2024Ravie LakshmananFinancial Fraud / Data BreachThreat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers."They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report shared with The Hacker News."New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, adding junk code, and using a batch script to dynamically generate and execute the Python script."NodeStealer, first publicly documented by Meta in May 2023, started off as JavaScript malware before evolving into a Python stealer capable of gathering data related to Facebook accounts in order to facilitate their takeover.It's assessed to be developed by Vietnamese threat actors, who have a history of leveraging various malware families that are centered around hijacking Facebook advertising and business accounts to fuel other malicious activities.The latest analysis from Netskopke shows that NodeStealer artifacts have begun to target Facebook Ads Manager accounts that are used to manage ad campaigns across Facebook and Instagram, in addition to striking Facebook Business accounts.In doing so, it's suspected that the intention of the attackers is not just to take control of Facebook accounts, but to also weaponize them for use in malvertising campaigns that further propagate the malware under the guise of popular software or games."We recently found several Python NodeStealer samples that collect budget details of the account using Facebook Graph API," Michael Alcantara explained. "The samples initially generate an access token by logging into adsmanager.facebook[.]com using cookies collected on the victim's machine."Aside from collecting the tokens and business-related information tied to those accounts, the malware includes a check that's explicitly designed to avoid infecting machines located in Vietnam as a way to evade law enforcement actions, further solidifying its origins.On top of that, certain NodeStealer samples have been found to use the legitimate Windows Restart Manager to unlock SQLite database files that are possibly being used by other processes. This is done so in an attempt to siphon credit card data from various web browsers.Data exfiltration is achieved using Telegram, underscoring that the messaging platform still continues to be a crucial vector for cybercriminals despite recent changes to its policy.Malvertising via Facebook is a lucrative infection pathway, often impersonating trusted brands to disseminate all kinds of malware. This is evidenced by the emergence of a new campaign starting November 3, 2024, that has mimicked the Bitwarden password manager software through Facebook sponsored ads to install a rogue Google Chrome extension."The malware gathers personal data and targets Facebook business accounts, potentially leading to financial losses for individuals and businesses," Bitdefender said in a report published Monday. "Once again, this campaign highlights how threat actors exploit trusted platforms like Facebook to lure users into compromising their own security."Phishing Emails Distribute I2Parcae RAT via ClickFix TechniqueThe development comes as Cofense has alerted to new phishing campaigns that employ website contact forms and invoice-themed lures to deliver malware families like I2Parcae RAT and PythonRatLoader, respectively, with the latter acting as a conduit to deploy AsyncRAT, DCRat, and Venom RAT.I2Parcae is "notable for having several unique tactics, techniques, and procedures (TTPs), such as Secure Email Gateway (SEG) evasion by proxying emails through legitimate infrastructure, fake CAPTCHAs, abusing hardcoded Windows functionality to hide dropped files, and C2 capabilities over Invisible Internet Project (I2P), a peer-to-peer anonymous network with end-to-end encryption," Cofense researcher Kahng An said."When infected, I2Parcae is capable of disabling Windows Defender, enumerating Windows Security Accounts Manager (SAM) for accounts/groups, stealing browser cookies, and remote access to infected hosts."Attack chains involve the propagation of booby-trapped pornographic links in email messages that, upon clicking, lead message recipients to an intermediate fake CAPTCHA verification page, which urges victims to copy and execute an encoded PowerShell script in order to access the content, a technique that has been called ClickFix.ClickFix, in recent months, has become a popular social engineering trick to lure unsuspecting users into downloading malware under the pretext of addressing a purported error or completing a reCAPTCHA verification. It's also effective at sidestepping security controls owing to the fact that users infect themselves by executing the code.Enterprise security firm Proofpoint said that the ClickFix technique is being used by multiple "unattributed" threat actors to deliver an array of remote access trojans, stealers, and even post-exploitation frameworks such as Brute Ratel C4. It has even been adopted by suspected Russian espionage actors to breach Ukrainian government entities."Threat actors have been observed recently using a fake CAPTCHA themed ClickFix technique that pretends to validate the user with a 'Verify You Are Human' (CAPTCHA) check," security researchers Tommy Madjar and Selena Larson said. "Much of the activity is based on an open source toolkit named reCAPTCHA Phish available on GitHub for 'educational purposes.'""What's insidious about this technique is the adversaries are preying on people's innate desire to be helpful and independent. By providing what appears to be both a problem and a solution, people feel empowered to 'fix' the issue themselves without needing to alert their IT team or anyone else, and it bypasses security protections by having the person infect themselves."The disclosures also coincide with a rise in phishing attacks that make use of bogus Docusign requests to bypass detection and ultimately conduct financial fraud."These attacks pose a dual threat for contractors and vendors immediate financial loss and potential business disruption," SlashNext said. "When a fraudulent document is signed, it can trigger unauthorized payments while simultaneously creating confusion about actual licensing status. This uncertainty can lead to delays in bidding on new projects or maintaining current contracts."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

While Pixars movies are available to stream on Disney+, the animation studio has made very little content exclusively for Disney+ in the last few years. Some of the streaming shows thatlook like Pixar work were made by others, like theMonsters at Work show (based onMonsters Inc. and Monsters University) which was technically produced outside of Pixar. Thus far theyve made some Forky shorts, a series of brief cartoons about Dug fromUp, aCars on the Road show, and thats about it.But Pixar has two full-fledged Disney+ series coming to streaming in the next three months. The first isDream Productions, and its the first TV series set in theInside Out universe. The film takes place between the two films,and spins off the brain workers, first introduced in the originalInside Out, who create Rileys dreams.That includes the director of dreams, played by Paula Pell, reprising her role fromInside Out.Joining her are Richard Ayoade and several of the voices fromInside Out including Amy Poehler as Joy, Lewis Black as Anger, Phyllis Smith as Sadness, plus Tony Hale and Liza Lapira as the current voices of Fear and Anger. (Rileys new emotions fromInside Out 2 dont appear because the show is set before its events occurred.)You can watch the trailer for the show below:READ MORE: Every Pixar Movie, Ranked From Worst to BestHere is the series official synopsis:Taking place in between the events of Inside Out and Inside Out 2 is Pixar Animation Studios Dream Productions, an all-new series about the studio inside Rileys mind where dreams really do come trueevery night, on time and on budget. Riley is growing up and when her memories need some extra processing, Joy and the rest of the Core Emotions send them to Dream Productions. Acclaimed director Paula Persimmon (voice of Paula Pell) faces a nightmare of her own: Trying to create the next hit dream after being paired up with Xeni (voice of Richard Ayoade), a smug daydream director looking to step up into the big leagues of night dreams.Dream Productions premieres on Disney+ on December 11. The series will run for four episodes. Pixars first totally originalseries for Disney+,Win or Lose, premieres on February 19, 2025.Sign up for Disney+ here.Get our free mobile appThe 25 Best Sequel TitlesThese sequels all share one thing in common: They all have really good titles.

ResponsibilitiesDevelop and maintain user-facing features using Vue.js, JavaScript, and TailwindCSS.Collaborate with backend developers to ensure seamless frontend-backend integration.Utilize tools like Node.js and Vue CLI to set up and manage projects.Deploy applications on static hosting platforms (e.g., Netlify, Vercel).Write clean, maintainable, and efficient code while adhering to best practices.Hiring ProcessApplication: Submit your applicating and confirm your availability for this role.Test Task: Shortlisted candidates will receive a test task (On the email you've applied with). You will:Set the start time.Propose a budget for the task.Specify a completion timeframe.Confirm the tasks start.Final Selection: The candidate with the best performance will join us for ongoing front-end tasks. Related Jobs See more Front-End Programming jobs

Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), AKST (UTC -9), HST (UTC -10)About Us:Crisis Control Solutions LLC is a Miami-based company specializing in risk mitigation and crisis management services. We provide innovative solutions to businesses, offering digital products, online courses, and expert consulting. Our mission is to empower businesses and individuals to navigate uncertainty with confidence.Role Overview:We are seeking a talented and driven Social Media Expert to join our team remotely. This part-time position is ideal for a creative individual with a passion for digital marketing and social media. The selected candidate will help boost our online presence, drive sales of our digital products, and position our founder as a leading speaker in the U.S.Key Responsibilities:Digital Product Sales: Manage and optimize the sales of our digital products on platforms like SamCart and Online Courses.Social Media Campaigns: Create and execute engaging online marketing campaigns across LinkedIn, Facebook, and other platforms to increase brand awareness and conversions.Founder Promotion: Develop and implement strategies to position the company founder as a prominent speaker in the U.S. market.Performance Tracking: Monitor and analyze campaign performance, providing actionable insights for improvement.Content Creation: Design and publish engaging content (e.g., posts, ads, and videos) to attract and retain an online audience.Requirements:Based in Florida and authorized to work in the U.S.Proven experience in social media management and digital marketing.Familiarity with platforms like LinkedIn, Facebook, SamCart, and online course tools.Excellent communication skills and creativity.Ability to work independently and manage time effectively.Basic graphic design and video editing skills are a plus.

Once again, global greenhouse-gas emissions are projected to hit a new high in 2024. In this time of shifting political landscapes and ongoing international negotiations, many are quick to blame one country or another for an outsize role in causing climate change. But assigning responsibility is complicated. These three visualizations help explain why and provide some perspective about the worlds biggest polluters. Greenhouse-gas emissions from fossil fuels and industry reached 37.4 billion metric tons of carbon dioxide in 2024, according to projections from the Global Carbon Budget, an annual emissions report released last week. Thats a 0.8% increase over last year. Breaking things down by country, China is far and away the single biggest polluter today, a distinction it has held since 2006. The country currently emits roughly twice as much greenhouse gas as any other nation. The power sector is its single greatest source of emissions as the grid is heavily dependent on coal, the most polluting fossil fuel. The US is the worlds second-biggest polluter, followed by India. Combined emissions from the 27 nations that make up the European Union are next, followed by Russia and Japan. Considering a countrys current emissions doesnt give the whole picture of its climate responsibility, though. Carbon dioxide is stable in the atmosphere for hundreds of years. That means greenhouse gases from the first coal power plant, which opened in the late 19th century, are still having a warming effect on the planet today. Adding up each countrys emissions over the course of its history reveals that the US has the greatest historical contributionthe country is responsible for about 24% of all the climate pollution released into the atmosphere as of 2023. While its the biggest polluter today, China comes in second in terms of historical emissions, at 14%. If the EUs member states are totaled as one entity, the group is among the top historical contributors as well. According to an analysis published November 19 by the website Carbon Brief, China passed EU member states in terms of historical emissions in 2023 for the first time. China could catch up with the West in the coming decades, as its emissions are significant and still growing, while the US and EU are seeing moderate declines. Even then, though, theres another factor to consider: population. Dividing a countrys total emissions by its population reveals how the average individual in each nation is contributing to climate change today. Countries with smaller populations and economies that are heavily reliant on oil and gas tend to top this list, including Saudi Arabia, Bahrain, and the United Arab Emirates. Among the larger nations, Australia has the highest per capita emissions from fossil fuels, with the US and Canada close behind. Meanwhile, other countries that have high total emissions are farther down the list when normalized by population: Chinas per capita emissions are just over half that of the US, while Indias is a small fraction. Understanding the complicated picture of global emissions is crucial, especially during ongoing negotiations (including the current meeting at COP29 in Baku, Azerbaijan) over how to help developing nations pay for efforts to combat climate change. Looking at current emissions, one might expect the biggest emitter, China, to contribute more than any other country to climate finance. But considering historical contributions, per capita emissions, and details about national economies, other nations like the US, UK, and members of the EU emerge as those experts tend to say should feature prominently in the talks. What is clear is that when it comes to the emissions blame game, its more complicated than just pointing at todays biggest polluters. Ultimately, addressing climate change will require everyone to get on boardwe all share an atmosphere, and were all going to continue feeling the effects of a changing climate. Notes on data methodology: Emissions data is from the Global Carbon Project, which estimates carbon emissions based on energy use. Territorial emissions take into account energy and some industry, but dont include land use emissions. Data from the European Union is the sum of its current 27 member states. The bloc is represented together because the EU generally negotiates together on the international stage. Historical emissions for some countries are disaggregated from former borders, including the former USSR and Yugoslavia. The per capita emissions map uses official World Bank boundaries, with the exception of Taiwan, which has separate emissions data in the Global Carbon Project. Western Saharas energy data are reported by Morocco, so its emissions are included in that total. Per capita emissions for Morocco are also used for Western Sahara on the map. More detailed information about the Global Carbon Project methods (including the particulars on how territorial emissions are broken down) is available here.

High Street Rental Auctions aim to tackle empty properties and revitalise town centres through council interventionSource: ShutterstockAccording to the government, one in seven high street properties currently stands vacantCouncils will be granted new legal powers from 2 December to auction leases for long-vacant high street properties, as part of measures introduced under the Levelling Up and Regeneration Act 2023. The initiative, termed High Street Rental Auctions (HSRAs), is intended to address the persistent problem of empty commercial premises in city, town, and village centres.Under the new regulations, local authorities can intervene if properties have been vacant for more than 365 days within a two-year period. The initiative aims to bring these spaces back into use by auctioning leases for one to five years, making them accessible to businesses and community organisations.Local Growth Minister Alex Norris said the powers will put local communities first and help reinvigorate struggling town centres. High streets are the beating heart of our communities. But for too long, too many have been neglected, with more and more empty lots and boarded-up shopfronts, he stated.According to the government, one in seven high street properties currently stands vacant, and HSRAs are seen as a means of countering this trend.The government will highlight the initiative at an HSRA showcase event today in Wolverhampton. The event will feature insights from early adopter councils, which are tasked with piloting the scheme and providing best practice guidance for other authorities.

Source: PLPSource: PLPSource: PLP1/3show captionLambeth Council has granted planning permission for a co-living and light-industrial development at Hardess Yard in Brixton, designed by PLP Architecture for a joint venture between Mitheridge Capital Management and LGL.The scheme includes 320 co-living studios and 1,400sqm of industrial space aimed at supporting local small and medium-sized enterprises in the creative sector.The development spans two buildings on the former industrial site. A seven- to 14-storey structure to the north will house the co-living studios, while a two-storey building to the south will provide workspace for local businesses. The plans also feature newly landscaped public spaces, including a pocket park.Andrei Martin, partner at PLP, said: Our vision for Hardess Yard expands the traditional co-living model by offering a vibrant multi-layered social core alongside state-of-the-art light industrial workspaces.PLPs design seeks to draw on the sites industrial heritage, incorporating deep brick faades with scalloped lintels, and metallic cladding with green walls for the workspace units.The development forms part of Lambeth Councils broader ambition to revitalise the local area. A public consultation and engagement with the GLA informed the plans. The project sits opposite Higgs Yard, a residential-led mixed-use development by Peabody, creating a complementary cluster of homes and workspaces in the neighbourhood.Source: PLPThe project targets both WELL Platinum and BREEAM Outstanding certifications, with sustainability measures exceeding London Plan carbon targets by 28%. These include high-performance building fabric, triple glazing, passive low-energy design, and mechanical ventilation with heat recovery.Daniel Rastegar, partner at Mitheridge, commented: This scheme promises to bring significant benefit to Brixton and Lambeth, providing quality homes on flexible and accessible terms.The approval marks Mitheridges second co-living project, following a similar 337-studio scheme in Hackney Wick, approved in September.Harry Green, director at LGL, said: Across London, there are countless under-utilised sites with the potential to house new communities.At Hardess Yard, we are excited to bring forward this transformational vision together with Mitheridge.

Following the failure of two previous planning applications by another practice for a single dwelling on the site, Novak Hiles Architects won planning consent for the two dwellings in summer 2021. The client is a local family-turned-private-developer with longstanding ties to the area.The backland plot, which previously accommodated a derelict lock-up garage, sits within a varied context of Victorian housing and infrastructure alongside more recent volume housing developments.The building was conceived as a solid pale red brick mass, sculpted with deep setbacks and undercuts as well as deep window reveals.AdvertisementThe dual-aspect units are designed for private rental. Flexible in their layout they have bright and spacious interiors with simple, robust detailing. The ceiling joists in the upper storey unit have been left exposed, offering additional headroom.The three-bedroom ground floor flat has a large private garden while the first floor one bedroom flat has a private south-facing terrace. Permeable pale-red terracotta paving tiles reinforce the language of the architecture and are part of a SuDs strategy, which also includes green roofs, gravel beds and a small rain garden.Architects viewBringing our expertise in creative responses to challenging small sites to the fore, we have carefully configured the building form in response to issues of distancing, mass, privacy and outlook relative to the specific characteristics of the site.The ground floor had to be raised to deal with surface water flooding considerations particular to this location. The building was also subject to strict height restrictions owing to its Conservation Area setting. The massing was purposely arranged to minimise any impact on the adjacent residential gardens as well as the windows of the Victorian terraced houses situated to the north.Deep inset openings reinforce the entrance to both dwellings and brick bonds on the front elevation express the external steps leading to the dwelling on the first storey. The external steps are an inherent part of the character of the frontage, and a celebrated part of the architecture, drawing upon historic mews house references and brick details, albeit in a contemporary manner. Deep planters are built into the solid frontage of the building, providing defensible perennial planting and a visual buffer to the cul-de-sac street beyond. The development is car-free, with secure cycle storage integrated into the frontage of the building.Both properties have their own front door and are accessed directly from the street, which the practice considers to be an important ambition across its housing projects. The external steps leading up the top-storey unit mean that there is no loss of area for a shared internal core, maximising the efficiency of the layouts and avoiding the inevitable issues that come with ongoing maintenance of common parts in smaller residential buildings, a characterful solution to a practical problem.The building has been designed to utilise timber frame construction to minimise steel use and maximise insulation thickness, resulting in a building fabric which is thermally high performing. Sustainable technologies including air source heat pumps have also been successfully integrated into the scheme. Collectively, these measures have significantly reduced carbon use within a brick outer fabric that is intended to be robust enough to last for centuries. The development achieves a total carbon reduction of 49 per cent over Part L 2013 regulations.Furthermore, the building provides green roofs and surface water flow control mechanisms utilising gravel beds and a small area of rain garden to attenuate water as part of a SuDs strategy to ensure the development will not impact on wider surface water levels.This project is an important milestone for Novak Hiles Architects, which has enabled the practice to demonstrate its ongoing commitment to the delivery of good-quality housing on challenging urban sites.Contemporary development within conservation areas is often backed into a position of homogeneity or pastiche. This project seeks instead to very carefully find an architecture that is contemporary and bold, but also appropriate, and that enhances the character of the conservation area and beyond.Carla Novak and Adam Hiles, directors, Novak Hiles Architects Source:Novak Hiles ArchitectsProject dataStart on site June 2022CompletionJuly 2023Gross internal floor area 143m2 total (92m2 / 3 bed 5 person unit, 51m2 / 1 bed 2 person unit)Form of contractTraditional, RIBA Concise Building Contract 2018Architect Novak Hiles ArchitectsClient Private DeveloperPlanning consultant Wildstone PlanningStructural and civil engineer GCAEnergy consultant Pro SustainabilityMain contractor TMP Build SolutionsM&E contractor Aspire ServicesApproved building inspector ICWEnvironmental performance and sustainability dataLow-carbon energy sources Air source heat pumpsAnnual CO2emissions 17.8 KgCO2/m2. A total reduction of 49% over Part L 2013 regulations which goes significantly beyond the London Plan overall requirement of 35% reduction.

A new warts-and-all investigation into workplace culture by the Architects Registration Board (ARB) has laid bare what many already feared about the profession it is often a brutal and abusive environment, especially for women and those from ethnic minority backgrounds. The regulator surveyed nearly 900 professionals at different stages of their careers as part of the proposed revamp of its Code of Conduct. Sadly, the findings echo problems highlighted by the AJ over years (AJ survey reveals 1 in 7 women architects have experienced sexual harassment). Yet they still make grim reading and are described by the ARB as alarming.A jaw-dropping 41 per cent of those surveyed said they had faced bullying and harassment; a third had been subject to some form of discrimination; and one in four female professionals had experienced unwelcome sexual advances.The ARBs 83-page report highlights how excessive workloads and hierarchies that create power imbalances are not only having a negative personal effect but also having an impact on the quality and due diligence of architects work. While some of the issues, causes and solutions fall outside the ARBs remit, given that the regulators role is explicitly about policing professional competence and protecting consumers, the board says: This makes workplace culture an issue for ARB.AdvertisementAs well as informing its new code, the ARB wants the research to provoke an industry-wide debate to help find potential solutions. Here the AJ reveals the headline findings.Bullying and victimisationIt is against this backdrop that a significant proportion four in ten of those polled had experienced bullying or harassment in the workplace.This ranged from intentional undermining, which had been experienced by 45 per cent of all respondents, to having work unfairly or overly scrutinised something reported by half of those surveyed.Bullying overwhelmingly related to abuses of power by senior staff, the research states.It is also more likely to be experienced by women (55 per cent), those with disabilities (61 per cent) and those working in larger practices (small practices 38 per cent, practices with over 50 staff 45 per cent).AdvertisementPurple: Part 1 & Part 2 students and apprentices | Black: Architects with less than five years' experience, Part 3 students | White: Architects with more than five years' experienceThe anonymous testimonies quoted in the report are equally damning of the profession. One said: In my previous position at a large practice, it was part of the culture that cliques would form around more senior staff members. This would lead to bullying or demeaning behaviour by members of other cliques.Another respondent said: I experienced harassment and bullying daily via WhatsApp. I was constantly put down, belittled and blamed for things out of my control. My employer would guilt trip me and Id feel pressure to work on weekends and public holidays.One young architect said harassment extended from unfair and unexplained criticism of their work to being expected to help with the upkeep of the directors house [and] never to leave the office before them.Excessive workloadsTheres a key line in the report: Despite the creative aspects of the job, professionals strongly feel they are underpaid, overworked and undervalued.A huge 38 per cent of all respondents said they had an unacceptable workload; nearly half (48 per cent) claimed they felt pressurised to work long hours and nearly two-thirds (63 per cent) said that the profession exploited architects passion for the work in order to pile heavy loads on employees. Many felt the resulting workplace culture was stressful, leading to mental burnout, unhappiness and disillusionment with 59 per cent of all professionals claiming their workload was detrimental to their personal wellbeing. Breaking that data down, the impacts were felt most strongly by female professionals (men 55 per cent, women 65 per cent) and those from an ethnic minority background (white British 53 per cent, ethnic minorities 66 per cent).Whats more and of particular concern to the ARB more than a third (35 per cent) said they lacked the time to finish their work to an appropriate standard.DiscriminationA third (33 per cent) of all professionals surveyed said they had experienced insults, stereotyping or jokes relating to protected characteristics, rising to more than half in some demographic groups.Again, female professionals (53 per cent), those from ethnic minorities (46 per cent) and those with disabilities (46 per cent) were significantly more likely to report experiencing discrimination. It is also more prevalent in larger practices and those in London and the southeast.Comments made anonymously by respondents are, once again, revealing. One experienced architect said: [There have been instances] where clients have been minimising or belittling staff members, owing to their race or English-speaking skills, and senior [practice staff] have not defended [junior employees] nor called out [the] behaviour.The ARB reports that a lack of representation, particularly at senior levels across the profession, continues to limit the understanding of others experiences.As a result, junior architectural staff are having to take care of themselves. One early career professional said: [When] looking for a job Ill see if there are other people of ethnic minority backgrounds [] to avoid the same discrimination and sexual misconduct [happening again].Sexual misconductThe ARB report is clear: architecture professionals suffer from higher levels of discrimination and sexual misconduct than employees in other professions that publish similar research including academia and parts of the medical profession.The research team at Thinks Insight & Strategy, who ran the survey on behalf of the board, found that 10 per cent of the architectural respondents said they had experienced sexual misconduct. This is double the percentage (5 per cent) of civil servants who said they had experienced sexual misconduct in a similar 2023 survey.Female professionals are far more likely to have experienced unwelcome sexual comments (38 per cent) and unwelcome sexual advances (24 per cent) than their male colleagues (6 per cent and 5 per cent respectively).The testimonies from the respondents are shocking. A female senior architect at one major practice reported that there had been a sweepstake among male staff to see who could get me into bed.Meanwhile, one early career professional reported that a client had requested a lush young [girl] with [a] tight skirt to be sent to survey his house: The director let me know I [would] be doing the survey the day I was wearing a tight skirt. The request [was] later revealed in an email chain.Another senior architect who had been on the receiving end of sexual comments said the matter was not escalated properly because a conversation under the radar was deemed sufficient.Hugh Simpson, chief executive and registrar at the ARB, described the levels of discrimination, misconduct and harassment as alarming.He told the AJ: [We have] to set clearer and stronger standards of conduct for the sake of architects and the clients and communities they work with. Were consulting on a new Code of Conduct and Practice, but making a positive cultural shift within the profession will require leaders across the sector to work together to take action.Barriers to reporting misconductKnowing how, when and where to complain will be vital to any shift in behaviours. The investigation, worryingly, found that architects overwhelmingly lacked confidence to raise concerns about problems within practice, with many calling for greater regulation and enforcement.One respondent said: I just feel like you cant complain. The partners are treated like gods. Another said: Ive never worked in a company that had HR. So my boss is jury, judge and executioner.The ARB acknowledges there is work to be done. It says in the report: Professionals are often unclear on how they can escalate complaints of workplace misconduct, and how ARB relates to misconduct. ARBs existing processes are often perceived as only relevant to client-related misconduct [not colleagues].The regulator has set itself an action list in response to the survey which, as well as the new Code of Conduct (consultation closes on the draft code on 12 December 2024), includes supplementary guidance on leadership and inclusion, together with providing tools to support how to raise concerns and challenge unethical behaviour.It is also writing to those providing ARB-accredited qualifications to highlight the research and a new condition on sexual misconduct being introduced by the Office for Students, the education regulator in England.However the ARB can only do so much.Tackling the long hours for low pay culture highlighted will need industry-wide action. The profession must not ignore these troubling findings.*Overall figures reflect number of category respondents: future professionals (89), early career professionals (293), experienced professionals (516)** Future professionals - Part 1 or Part 2 students or apprentices; Early career professionals - currently taking Part 3 or with less than five years' post-qualification experience; Experienced professionals - architects with more than five years post-qualification experienceAnonymous testimony from a recently qualified architectIn terms of bullying, there were things like [feeling pressured to] work over the weekend or even on Christmas holidays. I remember at one of the jobs it was pretty normalised to work the weekends. On Friday night [a colleague would say]: 'OK, so tomorrow this is what we have to do.'I said I had a history of kind of anxiety and had to prioritise my mental health [and had to rest weekends]. But I was told I had to get a doctor's note for this.I've done a few late nights here and there, because [if you don't] you feel like you're letting your team down. But there is zero paid overtime in architecture, unfortunately.A lot of my friends are architects and we literally sometimes just say how much we feel scammed. But [many] people won't even know where to start pushing back.