• THEHACKERNEWS.COM
    THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
    What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people.This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creativeusing everything from human trust to hidden flaws in technology. The real question is: are you ready? Every attack holds a lesson, and every lesson is an opportunity to strengthen your defenses. This isn't just newsit's your guide to staying safe in a world where cyber threats are everywhere. Let's dive in. Threat of the WeekPalo Alto Networks Warns of Zero-Day: A remote code execution flaw in the Palo Alto Networks PAN-OS firewall management interface is the newest zero-day to be actively exploited in the wild. The company began warning about potential exploitation concerns on November 8, 2024. It has since been confirmed that it has been weaponized in limited attacks to deploy a web shell. The critical vulnerability has no patches as yet, which makes it all the more crucial that organizations limit management interface access to trusted IP addresses. The development comes as three different critical flaws in Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465) have also seen active exploitation attempts. Details are sparse on who is exploiting them and the scale of the attacks. Top NewsBrazenBamboo Exploits Unpatched Fortinet Flaw: A threat-actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity described BrazenBamboo as the developer of three distinct malware families DEEPDATA, DEEPPOST, and LightSpy, and not necessarily one of the operators using them. BlackBerry, which also detailed DEEPDATA, said it has been put to use by the China-linked APT41 actor.About 70,000 Domains Hijacked by Sitting Ducks Attack: Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. Sitting Ducks exploits misconfigurations in a web domain's domain name system (DNS) settings to take control of it. Of the nearly 800,000 vulnerable registered domains over the past three months, approximately 9% (70,000) have been subsequently hijacked.Got a Dream Job Offer on LinkedIn? It May Be Iranian Hackers: The Iranian threat actor known as TA455 is targeting LinkedIn users with enticing job offers intended to trick them into running a Windows-based malware named SnailResin. The attacks have been observed targeting the aerospace, aviation, and defense industries since at least September 2023. Interestingly, the tactics overlap with that of the notorious North Korea-based Lazarus Group.WIRTE Targets Israel With SameCoin Wiper: WIRTE, a Middle Eastern threat actor affiliated with Hamas, has orchestrated cyber espionage operations against the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, as well as carried out disruptive attacks that exclusively target Israeli entities using SameCoin wiper. The destructive operations were first flagged at the start of the year.ShrinkLocker Decryptor Released: Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. First identified earlier this year, ShrinkLocker is notable for its abuse of Microsoft's BitLocker utility for encrypting files as part of extortion attacks targeting entities in Mexico, Indonesia, and Jordan. Trending CVEsRecent cybersecurity developments have highlighted several critical vulnerabilities, including: CVE-2024-10924, CVE-2024-10470, CVE-2024-10979, CVE-2024-9463, CVE-2024-9465, CVE-2024-43451, CVE-2024-49039, CVE-2024-8068, CVE-2024-8069, CVE-2023-28649, CVE-2023-31241, CVE-2023-28386, CVE-2024-50381, CVE-2024-7340, and CVE-2024-47574. These security flaws are serious and could put both companies and regular people at risk. To stay safe, everyone needs to keep their software updated, upgrade their systems, and constantly watch out for threats. Around the Cyber WorldThe Top Routinely Exploited Vulnerabilities of 2023 Revealed: Cybersecurity agencies from the Five Eyes nations, Australia, Canada, New Zealand, the U.K., and the U.S., have released the list of top 15 vulnerabilities threat actors have been observed routinely exploiting in 2023. This includes security flaws from Citrix NetScaler (CVE-2023-3519, CVE-2023-4966), Cisco (CVE-2023-20198, CVE-2023-20273), Fortinet (CVE-2023-27997), Progress MOVEit Transfer (CVE-2023-34362), Atlassian (CVE-2023-22515), Apache Log4j (CVE-2021-44228), Barracuda Networks ESG (CVE-2023-2868), Zoho ManageEngine (CVE-2022-47966), PaperCut MF/NG (CVE-2023-27350), Microsoft Netlogon (CVE-2020-1472), JetBrains TeamCity (CVE-2023-42793), Microsoft Outlook (CVE-2023-23397), and ownCloud (CVE-2023-49103). "More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks," the U.K. NCSC said. The disclosure coincided with Google's announcement that it will begin issuing "CVEs for critical Google Cloud vulnerabilities, even when we do not require customer action or patching" to boost vulnerability transparency. It also came as the CVE Program recently turned 25, with over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers assigned as of October 2024. The U.S. National Institute of Standards and Technology (NIST), for its part, said it now has a "full team of analysts on board, and we are addressing all incoming CVEs as they are uploaded into our system" to address the backlog of CVEs that built up earlier this calendar year.GeoVision Zero-Day Under Attack: A new zero-day flaw in end-of-life GeoVision devices (CVE-2024-11120, CVSS score: 9.8), a pre-auth command injection vulnerability, is being exploited to compromise and enlist them into a Mirai botnet for likely DDoS or cryptomining attacks. "We observed a 0day exploit in the wild used by a botnet targeting GeoVision EOL devices," the Shadowserver Foundation said. Users of GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, and GVLX 4 V3 are recommended to replace them.New Banking Trojan Silver Shifting Yak Targets Latin America: A new Windows-based banking trojan named Silver Shifting Yak has been observed targeting Latin American users with the goal of stealing information from financial institutions such as Banco Ita, Banco do Brasil, Banco Bandresco, Foxbit, and Mercado Pago Brasil, among others, as well as credentials used to access Microsoft portals such as Outlook, Azure, and Xbox. The initial attack stages of the malware are believed to be initiated by phishing emails that lead the victims to malicious .ZIP archives hosted on fake websites. The development comes as the threat actor known as Hive0147 has begun to use a new malicious downloader called Picanha to deploy the Mekotio banking trojan. "Hive0147 also distributes other banking trojans, such as Banker.FN also known as Coyote, and is likely affiliated with several other Latin American cyber crime groups operating different downloaders and banking trojans to enable banking fraud," IBM X-Force said.Tor Network Faces IP Spoofing Attack: The Tor Project said the Tor anonymity network was the target of a "coordinated IP spoofing attack" starting October 20, 2024. The attacker "spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network," the project said. "The origin of these spoofed packets was identified and shut down on November 7, 2024." The Tor Project said the incident had no impact on its users, but said it did take a few relays offline temporarily. It's unclear who is behind the attack.FBI Warns About Criminals Sending Fraudulent Police Data Requests: The FBI is warning that hackers are obtaining private user information from U.S.-based tech companies by compromising U.S. and foreign government/police email addresses to submit "emergency" data requests. The abuse of emergency data requests by malicious actors such as LAPSUS$ has been reported in the past, but this is the first time the FBI has formally admitted that the legal process is being exploited for criminal purposes. "Cybercriminals understand the need for exigency, and use it to their advantage to shortcut the necessary analysis of the emergency data request," the agency said.New Trends in Ransomware: A financially-motivated threat actor known as Lunar Spider has been linked to a malvertising campaign targeting financial services that employs SEO poisoning to deliver the Latrodectus malware, which, in turn, is used to deploy the Brute Ratel C4 (BRc4) post-exploitation framework. In this campaign detected in October 2024, users searching for tax-related content on Bing are lured into downloading an obfuscated JavaScript. Upon execution, this script retrieves a Windows Installer (MSI) from a remote server, which installs Brute Ratel. The toolkit then connects to command-and-control (C2) servers for further instructions, allowing the attacker to control the infected system. It's believed that the end goal of the attacks is to deploy ransomware on compromised hosts. Lunar Spider is also the developer behind IcedID, suggesting that the threat actor is continuing to evolve their malware deployment approach to counter law enforcement efforts. It's not just Lunar Spider. Another infamous cybercrime gang called Scattered Spider has been acting as an initial access broker for the RansomHub ransomware operation, employing advanced social engineering tactics to obtain privileged access and deploy the encryptor to impact a critical ESXi environment in just six hours." The disclosure comes as ransomware attacks, including those aimed at cloud services, continue to be a persistent threat, even as the volume of the incidents is beginning to witness a drop and there is a steady decline in the ransom payment rates. The appearance of new ransomware families like Frag, Interlock, and Ymir notwithstanding, one of the noteworthy trends in 2024 has been the rise of unaffiliated ransomware actors, the so-called "lone wolves" who operate independently. Resources, Guides & Insights Expert WebinarHow to be Ready for Rapid Certificate Replacement Is certificate revocation a nightmare for your business? Join our free webinar and learn how to replace certificates with lightning speed. We'll share secrets to minimize downtime, automate replacements, master crypto agility, and implement best practices for ultimate resilience.Building Tomorrow, SecurelyAI Security in App Development AI is revolutionizing the world, but are you prepared for the risks? Learn how to build secure AI applications from the ground up, protect against data breaches and operational nightmares, and integrate robust security into your development process. Reserve your spot now and discover the essential tools to safeguard your AI initiatives. Cybersecurity ToolsGrafana Grafana is an open-source monitoring and observability platform that enables cybersecurity teams to query, visualize, and alert on security metrics from any data source. It offers customizable dashboards with flexible visualizations and template variables, allowing for real-time threat monitoring, intrusion detection, and incident response. Features such as ad-hoc queries and dynamic drill-downs facilitate the exploration of metrics related to network traffic, user behavior, and system logs. Seamless log exploration with preserved filters supports forensic investigations, while visual alert definitions ensure timely notifications to security operations centers through integrations with tools like Slack and PagerDuty. Additionally, Grafana's ability to mix different data sourcesincluding custom onesprovides comprehensive security monitoring across diverse environments, enhancing the organization's ability to maintain a robust cybersecurity posture.URLCrazy is an OSINT tool designed for cybersecurity professionals to generate and test domain typos or variations, effectively detecting and preventing typo squatting, URL hijacking, phishing, and corporate espionage. By creating 15 types of domain variants and leveraging over 8,000 common misspellings across more than 1,500 top-level domains, URLCrazy helps organizations protect their brand by registering popular typos, identifying domains diverting traffic intended for their legitimate sites, and conducting phishing simulations during penetration tests. Tip of the WeekUse Canary Tokens to Detect Intrusions Hackers rely on staying hidden, but canary tokens help you catch them early. These are fake files, links, or credentials, like "Confidential_Report_2024.xlsx" or a fake AWS key, placed in spots hackers love to snoopshared drives, admin folders, or cloud storage. If someone tries to access them, you get an instant alert with details like their IP address and time of access.They're easy to set up using free tools like Canarytokens.org and don't need any advanced skills. Just keep them realistic, put them in key places, and check for alerts. Make sure you test your tokens after setup to ensure they work and avoid overusing them to prevent unnecessary noise. Place them strategically in high-value areas, and monitor alerts closely to act quickly if triggered. It's a smart, low-effort way to spot hackers before they can do damage.ConclusionThat's it for this week's cybersecurity updates. The threats might seem complicated, but protecting yourself doesn't have to be. Start simple: keep your systems updated, train your team to spot risks, and always double-check anything that seems off.Cybersecurity isn't just something you doit's how you think. Stay curious, stay cautious, and stay protected. We'll be back next week with more tips and updates to keep you ahead of the threats.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
    0 Comentários 0 Compartilhamentos 46 Visualizações
  • WWW.INFORMATIONWEEK.COM
    6 Cloud Trends to Watch in 2025
    Lisa Morgan, Freelance WriterNovember 18, 20247 Min ReadYAY Media AS via Alamy StockBusiness competitiveness is driving organizations deeper into the cloud where they can take advantage of more services. Leading organizations are realizing economic benefits ranging from cost savings and deeper insights to successful innovations. Artificial intelligence is driving an increase in cloud usage.We anticipate a continued growth of a few significant cloud trends for 2025, with the rise of GenAI being a major driver, says John Samuel, global CIO and EVP at CGS (Computer Generated Solutions), a global IT and outsourcing provider. Cloud providers are heavily investing in GenAI technologies, collaborating with chip manufacturers to enhance performance and scalability. This partnership enables cloud platforms to power a growing ecosystem of downstream SaaS providers that are building solutions to allow easier adoption of AI-based solutions. As a result, GenAI is becoming a key enabler for adopting advanced AI capabilities across industries, with cloud acting as the backbone.Mike Stawchansky, chief technology officer at financial services software applications provider Finastra, warns that privacy concerns and contractual ambiguity around the rights to utilize customer data for GenAI will become more of an issue. Customers want the insights and efficiencies GenAI can deliver but may not be willing to grant more extensive access to their data.Related:Capacity issues are becoming more frequent as organizations grapple with the resource-heavy workloads that AI-powered technologies bring. Further, expansion into other cloud regions may hold businesses back as different regions present their own unique compliance and data residency challenges, says Stawchansky in an email interview. GenAI is going to continue to put pressure on businesses to be better, faster, and more efficient. Early adopters are seeing gains, so those who have not yet begun to experiment with the technology risk falling behind.Cloud security will also become more of an issue, however. Security teams will begin to harness AI assistance to automate response processes for cloud-based exposure and threat detection.The volume of exposures and threats, combined with varying experience levels in SecOps teams, means that effective remediation relies on the ability to guide team members with prescriptive remediation procedures using AI. This will see mainstream adoption in 25, says Or Shoshani, co-founder and chief executive officer at real-time cloud security company Stream.Security. Enterprises have done little to evolve their detection and response capabilities to meet the unique aspects of the cloud environment. They are relying on processes and technology designed for securing on-prem infrastructures and its insufficient. Its a combination of lack of awareness of the problem, in addition to inertia.Related:Following are some more cloud trends to watch in 2025:1. Multi- and hybrid clouds will become more commonCloud providers recognize that customers prefer to leverage multiple cloud platforms for flexibility, risk mitigation, and performance optimization. In response, they are enabling inter-cloud operability, which enables users to perform analytics and utilize data across cloud providers without moving their data, according to CGS Samuel.Enterprises [and] small- to medium-sized businesses appear well-prepared for upcoming cloud trends like GenAI adoption and multi-cloud strategies. Cloud providers are responding by enabling technologies that reduce on-premises infrastructure needs, making it easier for companies to offload workloads to the cloud, Samuel says.Faiz Khan, founder & CEO at multi-cloud SaaS and managed service provider Wanclouds, says the major public cloud providers eliminated data transfer fees over the last year, making it easier to migrate data from one public cloud provider to another.Related:"By adopting a multi-cloud approach, you can train your distributed AI workloads and models across multiple environments. For instance, there could be a benefit to using Azure's computing power to train one AI model and AWS for another. Or you could keep your legacy cloud workloads on one public cloud and then your AI workloads on a separate public cloud, says Khan in an email interview. This approach enables enterprises to tailor their cloud environment to the needs of each AI application. It's also become a lot cheaper to migrate these applications across public clouds if the environment or needs change.However, time and cost can slow adoption. Businesses need sufficient time to research and implement new cloud solutions, and the confidence that the shift will deliver the cost optimization they expect. Balancing immediate costs with long-term cloud benefits is an important consideration.2. CISOs will need better cloud monitoringSOC and the SecOps teams will need to integrate cloud context into their day-to-day detection and response operations in 2025 to effectively detect and respond to exposures and threats in real time.Most SecOps teams are still relying on alert-based tools designed for on prem environments that are missing information related to exposure and attack path across all elements of the cloud infrastructure, saysStream.SecuritysShoshani. This results in an inability to identify real threats and massive amounts of time [to investigate] false positives.3. Cloud spending will increaseWanclouds Khan says most organizations will increase their cloud spending substantially in 2025.Like other aspects of IT, AI will be the force behind most of the trends occurring in the cloud in 2025. AI is going to drive a big spending boom in the cloud next year. Organizations need to increase the amount of cloud resources they have to be able to handle the compute GenAI model training requires, says Khan. Furthermore, we're also seeing IT teams now spending on new AI tools and features that can be utilized to improve and automate cloud management."4. Landing zones will gain more tractionLanding zones provide a standardized framework for cloud adoption. They are becoming more prominent as they address scalability and security concerns.Cloud providers are putting together templates for various industry verticals, such as finance and healthcare, that will allow customers to build solutions for regulatory environments much faster, saysFinastrasStawchansky. Most enterprises will be some way along their cloud-adoption and migration roadmaps today. Its just a question of how well-equipped they are for scaling their capabilities, especially as they seek to operationalize resource-heavy technologies, such as LLMs and GenAI. Having structured ways to approach scaling resources, while efficiently harnessing this technology will be crucial for ensuring ROI.5. Cybersecurity resilience will use digital twins for ransomware war gamesCyber recovery rehearsals will reach a new level of sophistication as organizations aim for ever faster recovery times in todays hybrid and multi-cloud environments.Cyber criminals are now using AI to increase the frequency, speed and scale of their attacks. In response, organizations will also use AI -- but this time, to fight back, says Matt Waxman, SVP and GM of data protection at secure multi-cloud data management company Veritas Technologies. As we know, the key to success is all in the preparation, so much of this work is going to be done in advance, using AI to predict the best response when ransomware inevitably hits.Organizations will play out ransomware wargames using cloud-based digital twins in AI-powered simulations of every possible attack scenario across entire infrastructures -- from edge to core to cloud.Plans are one thing, but an organization cant claim resilience without proving that those plans have been pressure tested. More than a nice-to-have, these advanced rehearsals will soon become mandated by regulation, says Waxman.6. Cyberspace will extend to outer spaceSatellite connectivity is growing, though Waxman says space-based computing may get a nudge in 2025.As humans return to the moon for the first time in more than 50 years aboard NASAs Artemis II, technology visionaries will be re-inspired to explore the possibilities of space-based computing, says Waxman. Datacenters in space present many benefits. For example, the unique environmental conditions mean that much less energy is required to spin disks or cool racks. However, there are also obvious challenges, such as transmission latency, which makes storage in space more effective for data that only needs accessed occasionally, like backup data.Spurred by the promise of datacenters freed from atmospheric constraints, in 2025, visionaries will begin to set their minds to overcoming the barriers to computing in space, he says.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports
    0 Comentários 0 Compartilhamentos 45 Visualizações
  • WWW.INFORMATIONWEEK.COM
    Cloud Levels the Playing Field in the Energy Industry
    Matt Herpich, CEO, Conduit PowerNovember 18, 20243 Min ReadAleksia via Alamy StockWe operate as a lean technology startup in the traditionally conservative energy industry. We have to. Going up against $100 billion behemoths requires agility and operational efficiency so we can make smart, quick decisions in the moment and move at the speed of the market. Technology -- specifically digital transformation in the cloud -- has enabled this bold business model, allowing us to bridge the budget gap and compete against much larger competitors that have been in business for decades.But simply declaring youre going to operate in the cloud isnt likely to lead to success. What we set out to do hadnt been done before, but we were lucky enough to be working with two industry leaders that helped us make the right technology decisions during a relatively fast implementation cycle -- the impact of which proved valuable to operations, employee productivity, and morale, especially in a market as competitive as the energy sector.Pioneering Cloud SolutionOur core mission is to build power plants for companies that want to co-locate power generation near where they need it -- for data centers, new industry, and other places that have rapidly growing electricity needs. The ability to remotely operate modern control room systems is mission critical, allowing us to meet resilience, compliance and security requirements of our customers without having to deploy people on-site at every customer plant. Data fuels our remote management capabilities, providing operators fingertip access to all kinds of information about our customers on-site grids, including generation, usage and asset health data, which is fed to a central control center near Houston, Texas.Related:Building a vast wide-area network with high-performance fiber would cost tens of millions of dollars. Some of our well-funded competitors have done this, building massive IT infrastructures across customer sites at a scale that rivals the worlds biggest tech companies. We took a different path, working with Hitachi Energy and Amazon Web Services (AWS) to create a cloud-based network management solution. Moving to the cloud led to a six-month deployment timeline and cost a third of the budget required to build a similar on-premises deployment.Our cloud strategy allows our operators to monitor and control grid assets distributed across the state from a central location and provides fast response, redundancy, disaster recovery, and security services -- all the capabilities youd expect from one of the major players in our field. By working closely with our partners, we can do this without the big budget of our competitors nor hiring or training additional personnelRelated:Keeping Families Together During a DisasterMoving to the cloud provided immediate value. Only months after migrating to the cloud, Hurricane Beryl struck the Texas coastline and disrupted power throughout the state. Our customers needed their power plants up and running at optimal capacity to mitigate the outages.Normally, we would have had to send our operators hundreds of miles on site to oversee plant recoveries -- a costly and time-consuming prospect. However, our cloud-native strategy allowed our operators to simply log on from home where they could maintain operators from a web-based dashboard. Not only did we keep our customers up and running, but we also didnt have to disrupt our workers families during the federally declared disaster.The Cloud Delivers Operational FlexibilityOperating in the energy industry as a lean startup is much easier when you leverage the power of cloud technology to create operational efficiencies, provide stellar experiences to customers and make fast, data-informed decisions that put us one step ahead of larger competitors. Through the cloud, we are able to grow our IT capabilities in line with business growth objectives. While we currently operate plants that generate less than 100 megawatts (MW) of power, well be able to scale our SCADA and network management operations to meet the needs of any sized plant in the future. Well be able to meet this demand without having to over-provision resources in advance or invest millions of dollars in an on-premises data center. And that flexibility is worth its weight in gold.Related:About the AuthorMatt HerpichCEO, Conduit PowerMatt Herpich is CEO of Conduit Power. He previously served as head of finance and operations for Arcadia Powers Texas Energy Services business unit. He came to Arcadia through the acquisition of Real Simple Energy, a Texas-based retail power brokerage, of which he was co-founder. Matt earned a BS in Electrical Engineering from Yale and an MS in Information Technology (big data focus) from Carnegie Mellon.See more from Matt HerpichNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports
    0 Comentários 0 Compartilhamentos 42 Visualizações
  • WWW.TECHNOLOGYREVIEW.COM
    The Download: Blueskys rapid rise, and harmful fertility stereotypes
    This is today's edition ofThe Download,our weekday newsletter that provides a daily dose of what's going on in the world of technology. The rise of Bluesky, and the splintering of social You may have read that it was a big week for Bluesky. If youre not familiar, Bluesky is, essentially, a Twitter clone that publishes short-form status updates. Last Wednesday, The Verge reported it had crossed 15 million users. Its just ticked over 19 million now, and is the number one app in Apples app store. Meanwhile, Threads, Metas answer to Twitter, reportedly signed up 15 million people in November alone. Both apps are surging in usage. Many of these new users were seemingly fleeing X, the platform formerly known as Twitter, in reaction to Elon Musks support of Donald Trump, and his moves to elevate right-leaning content on the platform. But theres a deeper trend at play here. Were seeing a long-term shift away from massive centralized social networks. Read the full story. Mat Honan This story is from The Debrief, our newly-launched newsletter written by our editor-in-chief Mat Honan. Its his weekly take on the real stories behind the biggest news in techwith some links to stories we love and the occasional recommendation thrown in for good measure. Sign up to get it every Friday! Why the term women of childbearing age is problematic Jessica Hamzelou Every journalist has favorite topics. Mine include the quest to delay or reverse human aging, and new technologies for reproductive health and fertility. So when I saw trailers for The Substance, a film centered on one middle-aged womans attempt to reexperience youth, I had to watch it. I wont spoil the movie for anyone who hasnt seen it yet (although I should warn that it is not for the squeamish). But a key premise of the film involves harmful attitudes toward female aging. Hey, did you know that a womans fertility starts to decrease by the age of 25? a powerful male character asks early in the film. At 50, it just stops, he later adds. He never explains what stops, exactly, but to the viewer the message is pretty clear: If youre a woman, your worth is tied to your fertility. Once your fertile window is over, so are you. The insidious idea that womens bodies are, above all else, vessels for growing children has plenty of negative consequences for us all. But it also sets back scientific research and health policy. Read Jesss story to learn how. This story is from The Checkup, MIT Technology Reviews weekly biotech newsletter. Sign up to receive it in your inbox every Thursday. The must-reads Ive combed the internet to find you todays most fun/important/scary/fascinating stories about technology. 1 Trump plans to loosen US rules for self-driving cars No prizes for guessing who might be behind that idea. (Bloomberg$)+Elon Musk is ramping up his legal fight against OpenAI and Microsoft.(WSJ$)+Trump has appointed the FCCs Brendan Carr to lead the agency.(NPR)+Robotaxis are here. Its time to decide what to do about them. (MIT Technology Review)2 How Bluesky is handling its explosive growthIt has just 20 employees, and theyre working round the clock to deal with bugs, outages and moderation issues. (NYT$)+Just joined Bluesky? Heres how to use it.(The Verge)+How to fix the internet.(MIT Technology Review) 3 Biden agreed to some small but significant AI limits with Xi Jinping I think we can all get behind the idea that nuclear weapons should be exclusively controlled by humans. (Politico)+Biden has lifted a ban on Ukraine using long-raise missiles to strike inside Russia.(BBC)4 Big Tech is trying to sink the US online child safety billAnd, as it stands, its lobbying efforts look very likely to succeed. (WSJ$)5 Amazon has launched a rival to Temu and Shein Nothing on Haul costs more than $20. (BBC)+Welcome to the slop era of online shopping. (The Atlantic$)6 The Mike Tyson-Jake Paul fight on Netflix was plagued by glitchesDespite that, 60 million households still tuned in. (Deadline)7 AI models can work together faster in their own languageLinking different models together could help tackle thorny problems individual ones cant solve. (New Scientist$)8 Tech companies are training their AI on movie subtitlesA database called OpenSubtitles provides a rare glimpse into what goes into these systems. (The Atlantic$)9 McDonalds is trying to bring back NFTsRemember those? (Gizmodo)10 A lot of people are confusing Starlink satellites with UFOs Guess itll take us a while for us to get used to seeing them. (Ars Technica)Quote of the day F*** you, Elon Musk. Brazils first lady, Janja Lula da Silva, makes her views clear during a speech calling for tougher social media regulation ahead of the G20 summit in Rio de Janeiro,Reutersreports.The big story Alina Chan tweeted life into the idea that the virus came from a lab COURTESY PHOTO June 2021 Alina Chan started asking questions in March 2020. She was chatting with friends on Facebook about the virus then spreading out of China. She thought it was strange that no one had found any infected animal. She wondered why no one was admitting another possibility, which to her seemed very obvious: the outbreak might have been due to a lab accident.Chan is a postdoc in a gene therapy lab at the Broad Institute, a prestigious research institute affiliated with both Harvard and MIT. Throughout 2020, Chan relentlessly stoked scientific argument, and wasnt afraid to pit her brain against the best virologists in the world. Her persistence even helped change some researchers minds.Read the full story.Antonio Regalado We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or tweet 'em at me.) + WhyQuincy Joneswas the best of the best. + Thesehandy appsare a great way to save articles to read later on (Pocket is my own personal favorite.)+ How to resurrect aghost riverin the Bronx.+ Look after yourstainless steel pans, and your stainless steel pans will look after you.
    0 Comentários 0 Compartilhamentos 46 Visualizações
  • WWW.TECHNOLOGYREVIEW.COM
    The rise of Bluesky, and the splintering of social
    You may have read thatit was a big week for Bluesky. If youre not familiar, Bluesky is, essentially, a Twitter clone that publishes short-form status updates. It gained more than 2 million users this week. On Wednesday,The Vergereportedit had crossed 15 million users. By Thursday, it was at 16 million. By Friday?17 million and counting. It was thenumber one appin Apples app store. Meanwhile, Threads, Metas answer to Twitter, put up even bigger numbers. The companys Adam Mosserireported that 15 million peoplehad signed up in November alone. Both apps are surging in usage. Many of these new users were seemingly fleeing X, the platform formerly known as Twitter. On the day after the election, more than115,000 people deactivated their X accounts, according to Similarweb data. Thats a step far past not logging on. It means giving up your username and social graph. Its nuking your account versus just ignoring it. Much of that migration is likely a reaction to Elon Musks support of Donald Trump, and his moves to elevate right-leaning content on the platform. Since Musk took over, X has reinstated a lot of previously banned accounts, very many of which are on the far right. It also tweaked its algorithm to make sure Musks own posts, which are often pro-Trump, get an extra level of promotion and prominence,according toKate Conger and Ryan Macs new bookCharacter Limit. There are two points I want to make here. The first is that tech and politics are just entirely enmeshed at this point. Thats due to the extreme extent to which tech has captured culture and the economy. Everything is a tech story now, including and especially politics. The second point is about what I see as a more long-term shift away from centralization. Whats more interesting to me than people fleeing a service because they dont like its politics is the emergence of unique experiences and cultures across all three of these services, as well as other, smaller competitors. Last year,we put Twitter killers on our list of 10 breakthrough technologies. But the breakthrough technology wasnt the rise of one service or the decline of another. It was decentralization. At the time, I wrote: Decentralized, or federated, social media allows for communication across independently hosted servers or platforms, using networking protocols such as ActivityPub, AT Protocol, or Nostr. It offers more granular moderation, more security against the whims of a corporate master or government censor, and the opportunity to control your social graph. Its even possible to move from one server to another and follow the same people. In the long run, massive, centralized social networks will prove to be an aberration. We are going to use different networks for different things. For example, Bluesky is great for breaking news because it does not deprioritize links and defaults to a social graph that shows updates from the people you follow in chronological order. (It also has a Discover feed and you can set up others for algorithmic discoverymore on that in a momentbut the default is the classic Twitter-esque timeline.) Threads, which has a more algorithmically defined experience, is great for surfacing interesting conversations from the past few days. I routinely find interesting comments and posts from two or three days before I logged on. At the same time, this makes it pretty lousy at any kind of real time experienceseemingly intentionallyand essentially hides that standard timeline of updates from people you follow in favor of an algorithmically-generated for you feed. Im going to go out on a limb here and say that while these are quite different, neither is inherently better. They offer distinct takes on product direction. And that ability to offer different experiences is a good thing. I think this is one area where Bluesky has a real advantage. Bluesky lets people bend the experience to their own will. You arent locked into the default following and discover experiences. You canroll your own custom feed, and follow custom feeds created by other people. (And Threads isnow testing something similar.) That customization means my experience on Bluesky may look nothing like yours. This is possible because Bluesky is a service running on top of the AT Protocol, an open protocol thats accessible to anyone and everyone. The entire idea is that social networking is too important for any one company or person to control it. So it is set up to allow anyone to run their own network using that protocol. And thats going to lead to a wide range of outcomes. Take moderation, as an example. The moderation philosophy of the AT Protocol is essentially that everyone is entitled to speech but not to reach. That means it isnt banning content at the protocol level, but that individual services can set up their own rules. Bluesky hasits own community guidelines. But those guidelines would not necessarily apply to other services running on the protocol. Furthermore, individuals can also moderate what types of posts they want to see. It lets peopleset up and choose different levels of what they want to allow. That, combined with the ability to roll your own feeds, combined with the ability of different services to run on top of the same protocol, sets up a very fragmented future. And thats just Bluesky. Theres also Nostr, which leans toward the crypto and tech crowds, at least for now. And Mastodon, which tends to have clusters of communities on various servers. All of them are growing. The era of the centralized, canonical feed is coming to an end. Whats coming next is going to be more dispersed, more fractured, more specialized. It will take place across these decentralized services, and also WhatsApp channels, Discord servers, and other smaller slices of Big Social. Thats going to be challenging. It will cause entirely new problems. But its also an incredible opportunity for individuals to take more control of their own experiences. If someone forwarded you this edition of The Debrief, you cansubscribe here. I appreciate your feedback on this newsletter. Drop me a line atmat.honan@technologyreview.comwith any and all thoughts. And of course, I love tips. Now read the rest of The Debrief The News TSMC halts advanced chip shipments for Chinese clients. It comes after some of its chips were found inside a Huawei AI processor. Google DeepMind has come up with a new way to peer inside AIs thought process. An AI lab out of Chicago is building tools to help creators prevent their work from being used in training data. Lina Khan may be on the way out, but shes going out with a bang: The FTC is preparing to investigate Microsofts cloud business. The Chat Every week Ill talk to one of MIT Technology Reviews reporters or editors to find out more about what theyve been working on. For today, I spoke with Casey Crownhart, senior climate reporter, about her coverage of the COP29 UN climate conference. Mat: COP29 is happening right now in Azerbaijan, do you have a sense of the mood? Casey: The vibes are weird in Baku this week, in part because of the US election. The US has been a strong leader in international climate talks in recent years, and an incoming Trump administration will certainly mean a big change. And the main goal of these talksreaching a climate finance agreementis a little daunting. Developing countries need something like $1 trillion dollars annually to cope with climate change. Thats a huge jump from the current target, so there are questions about how this agreement will shake out. Mat: Azerbaijan seems like a weird choice to host. I read one account from the conference saying you could smell the oil in the air. Why there? Casey: Azerbaijans economy is super reliant on fossil fuels, which definitely makes it an ironic spot for international climate negotiations. Theres a whole complicated process of picking the COP host each yearfive regions rotate hosting, and the countries in that region have to all agree on a pick when its their turn. Russia apparently vetoed most of the other choices in the Eastern European group this year, and the region settled on Azerbaijan as one of the only viable options. Mat: You write that if Trump pulls out of the UN Framework Convention on Climate Change, it would be like riding away on a rocket. Why would that be so much worse than dropping out of Paris? Casey: Trump withdrew from the Paris Agreement once already, and it was relatively easy for Biden to rejoin when he came into office. If, during his second term, Trump were to go a step further and pull out of the UNFCCC, its not just an agreement hes walking away from, its the whole negotiating framework. So the statement would be much bigger. Theres also the question of reversibility. Its not clear if Trump can actually withdraw from the UNFCCC on his own, and its also not clear what it would take to rejoin it. When the US joined in the 90s, the Senate had to agree, so getting back in might not be as simple as a future president signing something. Mat: What from COP29 are you optimistic about? Casey: Tough to find a glimmer of hope in all this, but if there is one, Id say Im optimistic that well see some countries step up, including the UK and China. The UK announced a new emissions target at the talks already, and itll be really interesting to see what role China plays at COP29 and moving forward. The Recommendation Once upon a time I was a gadget blogger. Its fun writing about gadgets! I miss it! Especially because at some point your phone became the only device you need. But! My beloved wife bought me a Whoop fitness tracker for my birthday. Its an always-on device that you wear around your wrist. Ive been Oura-curious for some time, but frankly I am a little bit terrified of rings. I spent a number of months going to a hand rehab clinic after a bike accident, and while I was there first learned about degloving and how commonly it happens to people because a ring gets caught on something. Just thought Id put that in your head too. Anyway! The whoop is a fabric bracelet with a little monitor on it. It tracks your movement, your heart rate, your sleep, and a lot more. Theres no screen, so its very low profile and unobtrusive. It is, however, pretty spendy: The device is free but the plan costs $239 annually.
    0 Comentários 0 Compartilhamentos 46 Visualizações
  • WORLDARCHITECTURE.ORG
    Snhetta completes a new expansion and site redesign for the Joslyn Art Museum in Omaha
    Submitted by WA ContentsSnhetta completes a new expansion and site redesign for the Joslyn Art Museum in Omaha United States Architecture News - Nov 18, 2024 - 12:25 html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"Snhetta has completed a new expansion and site redesign for the Joslyn Art Museum in Omaha, United States. The new 42,000-square-foot (3,902-square-metre) addition was completed with local architects Alley Poyner Macchietto Architecture (APMA).In order to fulfil the needs the and investigate the potential of an expanding permanent collection, the team designed a new addition with its bright galleries.Along with the addition, the team designed the restoration and modernization of the Joslyn Memorial building's existing spaces and over three acres of revitalized public gardens and outdoor areas on the property.Returning visitors to the Joslyn Art Museum will notice the new expansion right away because it makes the grounds more accessible and makes it clearer where they are coming from.Reimagined as a vast congregation of landscape spaces and outdoor "rooms," immersive sculpture gardens adorned with native plants encircle the site, connecting the buildings and outdoor areas around a spine created by sculptor Jess Moroles's existing installation, The Omaha Riverscape.Visitors are greeted by an expansive collection of visual art before they even enter the building, which makes the transition to the pieces kept indoors seamless.The team's new addition floats atop two granite garden walls, while the existing monolithic buildings have a heavy, anchored presence. The first floor is transparent and contains a new atrium lobby, Museum store, and multipurpose community space.These ground floor spaces gradually rise to the level of the existing buildings through a gently sloping, accessible walkway. The hovering expansion's weightless effect pays homage to the deep overhangs and horizontal expressions of regional Prairie Style architecture, as well as the remarkable cloud formations that cover the Great Plains.Visitors are welcomed into a large, light-filled atrium with a variety of areas for lounging, people-watching, and looking out at the gardens after entering the building through the low-slung entry canopy.In keeping with the Joslyn's past identity, the two-story addition wraps around and frames the existing buildings, creating a more open and welcoming front that ushers in a new era of the Museum's mission to provide dynamic, inclusive public access to the arts.The expansion creates a dynamic, inclusive design that is accessible to everyone, building on Joslyn's long history as a cultural center and iconic landmark.The Hawks Foundation's Rhonda and Howard Hawks are honored by the pavilion's name. The Hawks Foundation offers funding for the arts, social services, and higher education.Snhetta, recently, completed the Blanton Museum of Art at the University of Texas, Austin. The firm also completed Beijing City Library in China, with a giant canopy supported by ginkgo trees and wraped by a fully glazing faade.In addition, the firm completed Vesterheim Commons in Decorah, Iowa, USA. Moreover, the studio unveiled design for a new opera house in the historic town of Diriyah, Saudi Arabia, referencing to traditional Najdi architecture.Project factsProject name:Joslyn Art MuseumArchitects: SnhettaLocal Architects:Alley Poyner Macchietto ArchitectureLocation:Omaha, Nebraska, USASize:3,902m2Completion year:2024Client:Joslyn Art MuseumProject Manager:Anser AdvisoryStructural Engineers: MKACivil Engineer: OlssonLighting Design:ArupAcoustics:ArupAll images Nic Lehoux.> via Snhetta
    0 Comentários 0 Compartilhamentos 49 Visualizações
  • WWW.BDONLINE.CO.UK
    RIBA issues cautionary note for practices not paying staff the Real Living Wage
    New Real Living Wage for London and the UK set last monthRIBA has issued guidance to practices outlining their responsibility to pay architectural assistants and apprentices the Real Living Wage.The institute said firms which do not compensate staff on the lowest salaries for unpaid overtime with either time off in lieu or flexible working risked tipping these employees hourly earnings below the Real Living Wage.It said this clearly breaches their obligations as a RIBA chartered practice.Muyiwa Oki said a culture of long hours and low pay is an unreasonable reward for the effort expended to join our professionThe new Real Living Wage as published last month is 13.85 an hour in London and 12.60 for the rest of the UK, with employers required to implement the salaries by 1 May 2025.While RIBA said there is widespread compliance with the requirement, those on lower salaries, including apprentices, architectural assistants, office managers and admin staff are most at risk of not receiving the Real Living Wage.RIBA president Muyiwa Oki, who has championed improvements in workplace wellbeing in the profession, said the guidance was a cautionary note reminding all RIBA chartered practices that they must ensure fair and equal treatment of all employees.He said: Architecture is a fulfilling but demanding career. Our profession is not unique in its culture of unpaid overtime, but the difference is that architects salaries dont reflect the actual amount of work they do nor the value of it.Oki called for the normalisation of flexible working arrangements and for practices not to expect or require overtime that cannot be compensated.A culture of long hours and low pay, after a long route to professional qualification, is an unreasonable reward for the effort expended to join our profession, he said.It undermines our profession and excludes people, including those with caring responsibilities or disabilities. Attracting and retaining diverse talent is a prerequisite for delivering architecture that responds to the needs of everyone in society.
    0 Comentários 0 Compartilhamentos 23 Visualizações
  • WWW.BDONLINE.CO.UK
    Sadiq Khan set to appoint Karen Buck as chair of London development corporation
    Former MP Karen Buck will be responsible for spearheading the delivery of tens of thousands of affordable homes near the new Old Oak Common HS2 station.Sadiq Khan is set to appoint former Labour MP Karen Buck as the new chair of the Old Oak and Park Royal Development Corporation (OPDC). Source: ParliamentKaren Buck is set to be appointed as the new chair of the OPDCBuck, if her appointment is officially confirmed as expected by the London Assembly, will follow former British Property Federation boss Liz Peace who is stepping down as chair after two terms in the position.It comes as OPDC gears up its regeneration plans, bringing forward plans for 9,000 homes and tens of thousands of jobs, new retail, services, and public open space.The development aims to create a new canalside district for London around the new HS2 and the Elizabeth Line at Old Oak Common station.As chair of OPDC, Buck will be responsible for spearheading the delivery of affordable homes and jobs at the brownfield site.Buck was the Labour MP for Westminster North for 27 years, before stepping down in May 2024.While in the commons, Buck brought forward a private members bill that led to the creation of the Homes (Fitness for Human Habitation) Act 2018, which gives tenants the right to challenge landlords over substandard living conditions.Buck also has experience in regeneration and placemaking, as the current chair of South Kilburn Trust, a charity working with residents groups, organisations and businesses to make improvements to local services and infrastructure.She is also co-chair of the North Paddington Delivery Board, working with local communities to help shape the future of North Paddington.Buck will officially take up her post on 1 January 2025, subject to a London Assembly confirmation hearing.Khan said that he was pleased to announce his intention to appoint Buck as chair, stating she brings a wealth of experience, expertise and knowledge that will strengthen its ambitious regeneration plans for the capital.He added: Under Dame Karens leadership, OPDC will continue to progress plans to deliver transformational change for West London, with thousands of new homes and jobs in the pipeline. I look forward to working with Dame Karen to build a better and more prosperous city for all.On her proposed appointment Buck said that the canalside district at Old Oak Common is such an exciting development with so much potential. She added:I am hugely looking forward to working with the Board and team at OPDC as it moves into the next phase of delivering the homes and jobs London needs.
    0 Comentários 0 Compartilhamentos 23 Visualizações
  • WWW.ARCHITECTSJOURNAL.CO.UK
    Morris+Company and New Practice submit Camden resi scheme
    Plans sent to Camden Council last week include student accommodation, 27 affordable homes and 3,325m2 of adaptable workspace in new buildings at 33-35 Jamestown Road and 211 Arlington Road.The blocks are roughly 500m to the south-west of the Roundhouse and Chalk Farm station.Drawn up for developer Regal and 4C GROUP, the scheme will replace existing light industrial buildings on the corner site with blocks up to six-storeys high around a 19th century pub that will be retained and restored. About 35 per cent of the habitable rooms will be designated as affordable when complete.AdvertisementHomes on offer will be both double and triple-aspect with internal units including student accommodation overlooking two shared internal courtyards designed by New Practice, working in collaboration with Context Office.The PBSA offering meets a growing demand for student units in Camden, the project team says, and provides wellbeing-focused amenities for collaboration, study and socialising.Ground-floor commercial units are designed to be welcoming and open while offering a clear, intuitive sense of entry for residents and visitors alike, with spacious ground floor units to create active frontages, connecting visually to the courtyards, the project team says.Project lead Morris+Company added that the plans represent a sensitive response to a complex, contextually rich site, with the architectural language of the proposals including blending varied brick types, textured panels, and refined metalwork detailing. The surrounding area is made up of terraced housing, mansion blocks, and industrial warehouses not far from the Regents Canal.On sustainability, a fabric first approach and low carbon technologies will help the scheme meet London Plan targets while minimising environmental impact, integrating on-site energy generation and circular economy principles throughout.AdvertisementRegal is also behind the cylindrical DSDHA-designed student housing-led scheme at nearby 100 Chalk Farm Road, approved in September.The developer and 4C Group have previously worked together on the Acme-designed The Haydon in Aldgate, which completed in March this year.Steve Harrington, planning director, at Regal said: Our partnership with 4C Group is rooted in a shared commitment to delivering great urban developments.[This] latest project in Camden demonstrates our aligned expertise and ambition to reshape underutilised sites into thriving, future-forward spaces. 4C Groups ambition, coupled with Regals strong development and construction capabilities is the ideal match. Together, were bringing a richly layered development to Camden Town that meets community needs, supports biodiversity, and elevates urban regeneration.In October, women and LGBTQ+-led firm New Practice, which shares a space with Morris+Company in Hackney in addition to its Glasgow home, announced that it had been acquired by Civic, the parent company of Civic Engineers.A decision on the scheme is expected in early spring 2025.
    0 Comentários 0 Compartilhamentos 44 Visualizações
  • WWW.ARCHITECTSJOURNAL.CO.UK
    Mikhail Riches wins work for Manchester Councils housing company
    The design team set to work by the housing company, which is wholly owned by Manchester City Council, includes landscape architect Planit, engineers Buro Happold and ZCD Architects, acting as engagement consultants. The team was chosen by Mace, the leading contractor on the scheme.The project includes a 700-home masterplan for Monsall in north Manchester, a further 150 homes in Grey Mare Lane in east Manchester and another 150 at Hyde Road close to the National Speedway Stadium.All the sites will use brownfield land and developer This City said it was taking an inclusive approach to engagement, which included both traditional public consultation and new community panels for two of the sites, one working with typically hard-to-reach stakeholders in the local area and the other with a group of young people from a local school.AdvertisementManchester City Council has approved a further 5.1 million funding to progress the developments. The cash will support initial design work and surveying costs ahead of planning applications next year.Designs for the Hyde Road plots and Grey Mare Lane estate regeneration package are expected to be shown to the public in February and submissions lodged in May. Masterplanning for the Grey Mare Lane estate regeneration has already been completed as part of a partnership between Manchester City Council, Great Places Housing Group, One Manchester and This City.At Monsall, designs will be shown at public consultation in mid-March, with plans due to be submitted by the end of May.Both the market and affordable housing delivered through This City will contribute to Manchester City Councils wider housing strategy to build at least 36,000 homes by 2032. This vision includes 10,000 genuinely affordable, council and social homes of which at least 3,000 will be in the city centre.Founding director David Mikhail said that a fifth of the 1,000 proposed homes would be capped at the Manchester Living Rent.AdvertisementHe said: Manchester has long been a city that does things differently and we are delighted to have been chosen for such an exciting project. The council is planning to deliver their homes at speed, focusing on low energy bills for their residents while making high-quality new neighbourhoods.Mikhail Riches previous history of masterplanning large-scale housing schemes includes the 575 units it is working on at the Bridgewater triangle in the Queen Elizabeth Olympic Park and the 600-home low-carbon housing projects for City of York Council across multiple sites.In September, the practice, working with Periscope, was chosen by Capital & Centric to create a major new housing-led neighbourhood in Wolverhampton city centre on a site which previously housed a Sainsburys and a car park (winning design pictured below).The developer has teamed up with the City of Wolverhampton on the inclusive and sustainable transformation of the plot next to Wolverhamptons Grade II-listed St Georges Church, which has been disused since 2015.WINNER: Mikhail Riches and Periscope (Team 2)
    0 Comentários 0 Compartilhamentos 46 Visualizações