thehackernews.com

Flying Under the Radar: Security Evasion Techniques

Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures.

The Evolution of Phishing Attacks

"I really like the saying that 'This is out of scope' said no hacker ever. Whether it's tricks, techniques or technologies, hackers will do anything to evade detection and make sure their attack is successful," says Etay Maor, Chief Security Strategist at Cato Networks and member of Cato CTRL.

Phishing attacks have transformed significantly over the years. Fifteen to twenty years ago, simple phishing sites were sufficient for capturing the crown jewels of the time: credit card details. Today, both attacks and defenses have become much more sophisticated, as detailed below.

"This is also the time when the 'cat-and-mouse' attack-defense game began," says Tal Darsan, Security Manager and member of Cato CTRL. At the time, a major defense against credit card phishing sites was to flood them with large volumes of fake card numbers, in the hope of burying the real ones so the attackers could not pick them out.

Threat actors adapted by validating the submitted data: running the Luhn checksum to discard strings that cannot be card numbers at all, looking up the Bank Identification Number (BIN) to confirm the issuer, and making micro-donations to test whether the card was active.

Here's an example of how attackers validated credit card numbers entered into phishing sites (screenshot not reproduced here).

Anti-Researcher Techniques

As phishing grew more advanced, attackers added anti-research techniques to prevent security analysts from studying and shutting down their operations. Common strategies included blocking an IP address after a single visit, so that a returning researcher sees what looks like a dead site, and detecting proxy servers, since researchers often investigate through proxies.
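The three kit-side checks just described (Luhn validation and a BIN lookup to weed out flooded junk, one-visit-per-IP blocking and proxy detection against researchers), reconstructed as an added example in Node.js. This is not code from the article or from any phishing kit: the card numbers, IP addresses and request headers are constructed test data, the brand table knows only the public Visa/Mastercard/Amex prefixes where a real kit would carry a full issuer database, and the list of proxy headers is an assumption about what a kit would look for.

```javascript
// Added example, not code from the article or from any real phishing kit: a
// reconstruction in Node.js of the three server-side checks described above, so
// that the reader can see why flooding a kit with random numbers stopped working.
// All inputs below (card numbers, IPs, headers) are constructed test data.

// 1. Luhn checksum. Every real PAN passes it; 9 out of 10 random digit strings fail.
function luhnValid(pan) {
  const digits = String(pan).replace(/\D/g, '');
  if (digits.length < 12 || digits.length > 19) return false;
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// 2. BIN lookup. A kit would carry a full issuer database; this toy table only
//    knows the public brand prefixes (assumption: anything else is "unknown").
function cardBrand(pan) {
  const digits = String(pan).replace(/\D/g, '');
  if (/^4/.test(digits)) return 'visa';
  if (/^5[1-5]/.test(digits)) return 'mastercard';
  if (/^3[47]/.test(digits)) return 'amex';
  return 'unknown';
}

// Keep only submissions that could be real cards. (The article's third step, a
// micro-donation against the live card, needs a payment processor and is not shown.)
function filterFlood(submissions) {
  return submissions.filter((pan) => luhnValid(pan) && cardBrand(pan) !== 'unknown');
}

// Deterministic "flood" of 16-digit numbers (small seeded LCG) so the result is
// reproducible: expect roughly 10% survivors from Luhn, fewer after the BIN check.
function simulateFlood(count, seed = 1) {
  let state = seed >>> 0;
  const nextDigit = () => {
    state = (Math.imul(1664525, state) + 1013904223) >>> 0;
    return Math.floor((state / 4294967296) * 10);
  };
  const submitted = [];
  for (let i = 0; i < count; i++) {
    let pan = '';
    for (let j = 0; j < 16; j++) pan += nextDigit();
    submitted.push(pan);
  }
  const luhnSurvivors = submitted.filter(luhnValid);
  return { submitted, luhnSurvivors, survivors: filterFlood(submitted) };
}

// 3. Anti-researcher gate: one visit per IP, and no visits through obvious proxies.
//    Header names are an assumption; these are ones proxies commonly add.
const PROXY_HEADERS = ['via', 'x-forwarded-for', 'forwarded', 'proxy-connection'];

function createGate() {
  const seen = new Set();
  // request = { ip, headers } with lower-cased header names (constructed shape)
  return function gate(request) {
    const headers = request.headers || {};
    if (PROXY_HEADERS.some((h) => h in headers)) {
      return { action: 'deny', reason: 'proxy' }; // looks like a researcher
    }
    if (seen.has(request.ip)) {
      return { action: 'fake_404', reason: 'repeat_ip' }; // pretend the site is gone
    }
    seen.add(request.ip);
    return { action: 'serve', reason: 'first_visit' };
  };
}

// Demo run: how much of a 1,000-number flood survives the kit's filter.
const demo = simulateFlood(1000, 42);
console.log(`flood: ${demo.submitted.length} submitted, ` +
  `${demo.luhnSurvivors.length} pass Luhn, ${demo.survivors.length} pass Luhn+BIN`);
```

The flood simulation is the point of the example: because the Luhn check digit is uniformly distributed, about nine in ten random numbers are thrown away before the attacker ever looks at them, and the BIN filter removes most of the rest, which is why flooding stopped being an effective defense.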
The attacker code for one-time IP address access (screenshot not reproduced here).

The attacker code for proxy identification (screenshot not reproduced here).

Attackers have also been randomizing the folder structures in their URLs for the past two decades, which stops researchers from tracking phishing sites by the common directory names used in phishing kits (screenshot not reproduced here).

Evading Anti-Virus

Another way to evade security controls in the past was to run a malware sample through a crypting service so that it no longer matched any known signature, making it undetectable by signature-based antivirus. Here's an example of such a service that was once very popular (screenshot not reproduced here).

Evading Device Verification

Now for more modern evasion techniques. First, a phishing attack that gathers detailed device information from the victim, such as Windows version, IP address and installed antivirus software, so that the attackers can impersonate the victim's device more convincingly.

This data helps them bypass checks such as device-ID verification, which organizations like banks use to confirm that a login is legitimate. By replicating the victim's device environment (Windows version, media player details, hardware specs), attackers avoid raising suspicion when logging in from a different location or device.

Some dark web services even provide pre-configured virtual machines that mirror the victim's device profile (screenshot not reproduced here), adding a layer of anonymity and making access to compromised accounts safer for the attacker. This shows how data collection and customization have become integral to criminal operations.

Evading Anomaly Detection

Another case is a gang that used malware to exploit live banking sessions, waiting for the victim to log in and then quickly performing unauthorized transactions.
The challenge was that these actions appeared to come from the victim's own authenticated session, making them hard to detect. This produced a cat-and-mouse game between attackers and defenders:

Initially, defenders implemented a velocity check, flagging transactions completed too quickly as likely fraudulent.

In response, attackers modified their code to simulate human typing speed by adding delays between keystrokes (code screenshot not reproduced here).

When defenders adjusted for this by checking the timing pattern as well, attackers countered with variable (randomized) delays, blending further into legitimate behavior.

This illustrates how hard it is to tell sophisticated, automated banking fraud apart from legitimate transactions.

Evasive Phishing Attacks

Now let's move on to more recent attacks. One of the most prominent attacks analyzed by Cato CTRL was a phishing attack designed to mimic Microsoft support. The incident began with a 403 error message that directed the user to a page claiming to be "Microsoft support", complete with prompts to "get the right help and support." The page offered "Home" or "Business" support, but whichever option was chosen, it redirected the user to a convincing Office 365 login page.

This fake login page was the payload of a social engineering scheme to get users to enter their Microsoft credentials. The attack leaned on psychological triggers, mimicking error messages and support prompts, to build credibility and exploit the user's trust in the Microsoft brand. Its sophistication lay in the social engineering rather than in advanced technical evasion.

Deceptive Redirection Chain

In this next analysis, Cato CTRL investigated a phishing attack that used a complex redirection chain to evade detection.
The process began with a deceptive initial link, disguised as a popular Chinese search engine, which redirected through multiple URLs (returning HTTP status codes such as 402 and 301 along the way) before landing on a phishing page hosted on the decentralized web (an IPFS link). A multi-step redirection sequence like this complicates tracking and logging, making it harder for researchers to trace the true origin of the phishing page.

As the investigation continued, the Cato CTRL researcher encountered several evasion techniques embedded in the phishing site's code. The page included Base64-encoded JavaScript that blocked keyboard interaction, so the usual keyboard shortcuts for opening the developer tools or viewing the source did nothing. It also set breakpoint traps for the developer tools (typically `debugger` statements in the page's script): once one was hit, the page redirected to the legitimate Microsoft homepage to hinder further inspection.

By deactivating breakpoints in Chrome's developer tools, the researcher bypassed these barriers and gained full access to the phishing site's source code. The case shows the layered defenses attackers build to thwart analysis and delay detection: anti-sandboxing, JavaScript obfuscation and redirection chains.

Phishing Resources-based Detection

Attackers are constantly adapting their own defenses to avoid detection. Researchers have relied on static elements, such as image resources and icons, to identify phishing pages. For instance, phishing sites targeting Microsoft 365 often replicate the official logos and icons without altering their file names or metadata, making them easy to spot.
Initially, this consistency gave defenders a reliable detection method. Threat actors have since adapted by randomizing almost every element of their phishing pages. To evade detection, attackers now:

Randomize Resource Names - Image and icon file names, previously static, are randomized on every page load.
Randomize Page Titles and URLs - Titles, subdomains and URL paths change on every access, producing new random strings each time and making the pages harder to track.
Implement Cloudflare Challenges - The challenge verifies that a human, not an automated scanner, is accessing the page, which hinders automated detection by security tools.

Despite these techniques, defenders have found new ways to bypass these evasions, although it remains an ongoing game of adaptation between attackers and researchers.

The masterclass covers many more malware and phishing attacks and how they evade traditional measures, including:

- Malware droppers for payload distribution.
- HTML files in phishing emails that initiate a multi-step malware download involving password-protected zip files.
- File smuggling and magic byte manipulation.
- SVG smuggling and Base64 encoding.
- Leveraging trusted cloud applications (e.g., Trello, Google Drive) for command and control to avoid detection by standard security systems.
- Prompt injections within malware to mislead AI-based malware analysis tools.
- Repurposing the TDSS Killer rootkit removal tool to disable EDR services, specifically targeting Microsoft Defender.
- Telegram bots as a means of receiving stolen credentials, allowing attackers to quickly create new drop zones as needed.
- Generative AI used by attackers to streamline the creation and distribution of attacks.
- Network-based threat hunting without endpoint agents.

What's Next for Defenders?

How can defenders gain the upper hand in this ongoing cat-and-mouse game?
Here are a few strategies:

Phishing Training & Security Awareness - While not foolproof, awareness training raises the likelihood that users recognize and report phishing attempts.
Credential Monitoring - Tools that analyze connection patterns can block potentially malicious activity before it succeeds.
Machine Learning & Threat Detection - Advanced tooling to identify sophisticated threats.
Unified Threat Hunting Platform - A single, converged platform (rather than multiple point solutions) for broader threat hunting, including network-based threat hunting without endpoint agents and network traffic analysis to detect IoCs.
Attack Surface Reduction - Proactively reducing the attack surface by auditing firewalls, tuning configurations and reviewing security settings regularly. Fixing misconfigurations and following vendor advisories helps harden the organization against new threats.
Avoiding Platform Bloat - Multiple chokepoints along the kill chain are essential, "but this does not mean adding many point solutions," emphasizes Maor. "A converged platform with one interface that actually can look at everything: the network, the data, through a single pass engine running through each packet and understanding whether it's malicious or not."
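Returning to the anomaly-detection round described earlier (velocity check, fixed keystroke delays, then variable delays), here is that exchange worked through as an added example in Node.js. This is not code from the article or from the banking malware it describes: the defender side scores the keystroke timing of a form submission, the attacker side generates the timing a webinject might use in each round, and the thresholds, function names and keystroke data are assumptions for illustration.

```javascript
// Added example, not code from the article or from the banking malware it describes:
// a reconstruction of the velocity-check round from the Evading Anomaly Detection
// section. The defender side scores the keystroke timing of a form submission; the
// attacker side generates the timing a webinject might use in each round. The
// thresholds, function names and keystroke data are assumptions for illustration.

const FORM_LENGTH = 20;   // characters typed into the transfer form (assumption)
const MIN_FILL_MS = 2000; // round 1: anything filled in faster than this is flagged
const MIN_CV = 0.08;      // round 2: inter-key timing with stddev/mean below this is robotic

function intervals(timestamps) {
  const out = [];
  for (let i = 1; i < timestamps.length; i++) out.push(timestamps[i] - timestamps[i - 1]);
  return out;
}

// Coefficient of variation: a fixed sleep between keys gives exactly 0, while a
// human typing a 20-character string typically gives well above 0.3.
function coefficientOfVariation(values) {
  if (values.length === 0) return 0;
  const mean = values.reduce((a, b) => a + b, 0) / values.length;
  if (mean === 0) return 0;
  const variance = values.reduce((a, b) => a + (b - mean) ** 2, 0) / values.length;
  return Math.sqrt(variance) / mean;
}

// Defender: one submission = the timestamps (ms) of its keystrokes.
// patternCheck=false is the round-1 velocity check alone; true adds the round-2 timing check.
function scoreSubmission(keyTimestamps, { patternCheck = true } = {}) {
  if (keyTimestamps.length < 2) return { verdict: 'flag', reason: 'no_keystrokes' };
  const total = keyTimestamps[keyTimestamps.length - 1] - keyTimestamps[0];
  if (total < MIN_FILL_MS) return { verdict: 'flag', reason: 'too_fast' };
  if (patternCheck && coefficientOfVariation(intervals(keyTimestamps)) < MIN_CV) {
    return { verdict: 'flag', reason: 'too_regular' };
  }
  return { verdict: 'ok', reason: 'looks_human' };
}

// Attacker, round 0: the original malware filled the form in a single tick.
function instantTimestamps(length, start = 0) {
  return Array.from({ length }, () => start);
}

// Attacker, round 1: a fixed sleep between keys, enough to pass the velocity check.
function fixedDelayTimestamps(length, delayMs, start = 0) {
  return Array.from({ length }, (_, i) => start + i * delayMs);
}

// Attacker, round 2: jittered delays. The jitter comes from a deterministic
// sine hash so the example is reproducible without a real RNG.
function jitteredTimestamps(length, meanMs, jitterMs, seed = 1, start = 0) {
  const frac = (x) => x - Math.floor(x);
  const rand = (i) => frac(Math.sin(i * 12.9898 + seed) * 43758.5453); // in [0, 1)
  const out = [];
  let t = start;
  for (let i = 0; i < length; i++) {
    out.push(t);
    t += meanMs + Math.round((rand(i) * 2 - 1) * jitterMs);
  }
  return out;
}

// Plays the rounds described in the article and returns the defender's verdicts.
function playRounds() {
  const instant = instantTimestamps(FORM_LENGTH);
  const fixed = fixedDelayTimestamps(FORM_LENGTH, 150);
  const jittered = jitteredTimestamps(FORM_LENGTH, 250, 100, 7);
  return {
    instantVsVelocity: scoreSubmission(instant, { patternCheck: false }).reason, // too_fast
    fixedVsVelocity: scoreSubmission(fixed, { patternCheck: false }).reason,     // looks_human
    fixedVsPattern: scoreSubmission(fixed).reason,                                // too_regular
    jitteredVsPattern: scoreSubmission(jittered).reason,                          // looks_human
  };
}

console.log(playRounds());
```

The last verdict is the point: once the attacker adds jitter, a timing-only model no longer separates the webinject from a person, which is why the article treats this fraud as an anomaly-detection problem that needs other signals (session context, destination account history) rather than keystroke speed alone.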
thehackernews.com

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24)

We hear terms like "state-sponsored attacks" and "critical vulnerabilities" all the time, but what's really going on behind those words? This week's cybersecurity news isn't just about hackers and headlines; it's about how digital risks shape our lives in ways we might not even realize.

For instance, telecom networks being breached isn't just about stolen data; it's about power. Hackers are positioning themselves to control the networks we rely on for everything, from making calls to running businesses. And those techy-sounding CVEs? They're not just random numbers; they're like ticking time bombs in the software you use every day, from your phone to your work tools.

These stories aren't just for the experts; they're for all of us. They show how easily the digital world we trust can be turned against us. But they also show the power of staying informed and prepared. Dive into this week's recap, and let's uncover the risks, the solutions, and the small steps we can all take to stay ahead in a world that's moving faster than ever. You don't need to be a cybersecurity pro to care, just someone who wants to understand the bigger picture. Let's explore it together!

Threat of the Week

New Liminal Panda Group Goes After the Telecom Sector: A previously undocumented China-nexus cyber espionage group, Liminal Panda, has conducted a series of targeted attacks on telecom entities in South Asia and Africa since 2020. Using tools such as SIGTRANslator and CordScan, the group exploits weak passwords and telecom protocols to harvest mobile subscriber data, call metadata, and SMS messages. This development coincides with U.S. telecom providers, including AT&T, Verizon, T-Mobile, and Lumen Technologies, being targeted by another China-linked hacking group, Salt Typhoon. U.S. Cyber Command has stated that these efforts aim to establish footholds in critical U.S.
infrastructure IT networks, potentially in preparation for a major clash with the U.S.

Top News

Palo Alto Networks Flaws Exploited to Compromise About 2,000 Devices: The newly disclosed security flaws in Palo Alto Networks firewalls, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), have been exploited to breach roughly 2,000 devices worldwide. Together, the vulnerabilities could allow an attacker to bypass authentication and escalate privileges to perform malicious actions, including executing arbitrary code. The vendor told The Hacker News that the number "represents less than half of one percent of all Palo Alto Networks firewalls deployed globally that remain potentially unpatched." The company also said it had been proactively sharing information since November 8, 2024, urging customers to secure their device management interfaces and mitigate potential threats, and that this guidance had been largely effective in mitigating threat activity.

5 Alleged Scattered Spider Members Charged: The U.S. unsealed charges against five members of the Scattered Spider cybercrime crew, including a U.K. national, for orchestrating social engineering attacks between September 2021 and April 2023 to steal credentials and siphon funds from cryptocurrency wallets. If convicted, each of the U.S.-based defendants faces up to 27 years in prison on all charges.

Ngioweb Botnet Malware Fuels NSOCKS Proxy Service: The malware known as Ngioweb has been used to power a notorious residential proxy service called NSOCKS, as well as other services such as VN5Socks and Shopsocks5.
The attacks primarily target vulnerable IoT devices from vendors such as NETGEAR, Uniview, Reolink, Zyxel, Comtrend, SmartRG, Linear Emerge, Hikvision, and NUUO, using automated scripts to deploy the Ngioweb malware.

Russian Threat Actors Unleash Attacks Against Central Asia: A Russian threat activity cluster dubbed TAG-110 has primarily targeted entities in Central Asia, and to a lesser extent East Asia and Europe, in a broad campaign that deploys the HATVIBE and CHERRYSPY malware for information gathering and exfiltration. TAG-110 is assessed to be affiliated with the Russian state-sponsored hacking group APT28.

North Korea's IT Worker Scheme's Chinese Links Uncovered: A new analysis has revealed that the fake IT consulting firms set up by North Korean threat actors to secure jobs at companies in the U.S. and abroad are part of a broader, active network of front companies originating in China. In these schemes, IT workers who land employment under forged identities have been observed funneling their income back to North Korea through online payment services and Chinese bank accounts.

Cybercriminals Use Ghost Tap Method for Cash-Out: A legitimate near-field communication (NFC) research tool called NFCGate is being abused by cybercriminals to cash out funds from victims' bank accounts via point-of-sale (PoS) terminals. One crucial caveat: the attack hinges on the threat actors having previously compromised a device and installed banking malware that can capture credentials and two-factor authentication (2FA) codes.
Trending CVEs

Recent cybersecurity developments have highlighted several critical vulnerabilities, including: CVE-2024-44308 and CVE-2024-44309 (Apple); CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-11003 and CVE-2024-10224 (needrestart); CVE-2024-51092 (LibreNMS); CVE-2024-10217 and CVE-2024-10218 (TIBCO); CVE-2024-50306 (Apache Traffic Server); CVE-2024-10524 (wget); CVE-2024-34719 (Android); CVE-2024-9942 (WPGYM); CVE-2024-52034 (mySCADA myPRO); and CVE-2024-0138 (NVIDIA). These flaws are serious and could put both organizations and individuals at risk.

Around the Cyber World

A New Way to Outsmart Fortinet's Logging Mechanism: The Fortinet VPN server logs only failed attempts during the authentication phase and records a successful login only once the later authorization phase is reached. An attacker brute-forcing credentials can therefore stop after the authentication step, learn whether a credential pair is valid, and never generate a successful-login entry, so incident response (IR) teams watching the logs see nothing but failures. "This discovery was surprising, as it indicated that IR teams monitoring Fortinet VPN usage cannot differentiate between a failed and a successful brute-force attempt," Pentera said. "This means that if an attacker were to use the technique we discovered, the successful login could go undetected, potentially leaving their network compromised."

Cross-Site Scripting (XSS) Flaw Uncovered in Bing: A newly disclosed XSS flaw in Microsoft Bing could have been abused to execute arbitrary script in the context of the website by taking advantage of an API endpoint in the Bing Maps Dev Center Portal. This could allow an attacker to render a specially crafted map in the www.bing[.]com context and trigger script execution by bypassing a Keyhole Markup Language (KML) HTML/XSS blocklist.
Following responsible disclosure on August 26, 2024, the issue was addressed by Microsoft as of September 30.

CWE Top 25 Most Dangerous Software Weaknesses for 2024 Released: Speaking of XSS, that weakness class topped MITRE's 2024 list of the 25 most dangerous software weaknesses, compiled from an analysis of 31,770 Common Vulnerabilities and Exposures (CVE) records in the 2024 dataset. Out-of-bounds writes, SQL injection, Cross-Site Request Forgery (CSRF), and path traversal round out the remaining top-five spots. "Uncovering the root causes of these vulnerabilities serves as a powerful guide for investments, policies, and practices to prevent these vulnerabilities from occurring in the first place, benefiting both industry and government stakeholders," MITRE said.

Millions of Data Records Exposed Due to Power Pages Misconfigurations: Missing or misconfigured access controls in websites built with Microsoft Power Pages are exposing sensitive data belonging to private organizations and government entities, including full names, email addresses, phone numbers, and home addresses, to outside parties. "These data exposures are occurring due to a misunderstanding of access controls within Power Pages, and insecure custom code implementations," AppOmni said. "By granting unauthenticated users excessive permissions, anyone may have the ability to extract records from the database using readily-available Power Page APIs." Some sites have even been found to grant anonymous users "global access" to read data from database tables while failing to mask sensitive fields.

Meta Fined $25.4 Million in India Over 2021 WhatsApp Privacy Policy: India's competition watchdog, the Competition Commission of India (CCI), imposed a five-year ban on Meta sharing information collected from WhatsApp with sister platforms Facebook and Instagram for advertising purposes.
It also levied a fine of ₹213.14 crore (about $25.3 million) for antitrust violations stemming from the controversial 2021 privacy policy update, finding that the update amounted to an abuse of dominant position by the social media giant. The policy update, as reported by The Hacker News in early January 2021, sought users' agreement to broader data collection and sharing with no option to refuse the changes. "The policy update, which compelled users to accept expanded data collection and sharing within the Meta group on a 'take-it-or-leave-it' basis, violated user autonomy by offering no opt-out option," the Internet Freedom Foundation (IFF) said. "The ruling reinforces the need for greater accountability from tech giants, ensuring that users' rights are protected, and the principles of fair competition are upheld in digital markets." Meta said it disagrees with the ruling and intends to challenge the CCI's decision.

Alleged Russian Phobos Ransomware Administrator Extradited to U.S.: A 42-year-old Russian national, Evgenii Ptitsyn (aka derxan and zimmermanx), has been extradited from South Korea to the U.S. to face charges related to the sale, distribution, and operation of Phobos ransomware since at least November 2020. Ptitsyn, who is alleged to be an administrator, has been charged in a 13-count indictment with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking. More than 1,000 public and private entities in the U.S. and around the world are estimated to have been victimized by the ransomware group, earning it more than $16 million in extorted ransom payments. Ptitsyn and his co-conspirators are accused of advertising the Phobos ransomware for free on cybercrime forums and charging affiliates around $300 for the decryption key needed to access victims' data.
Describing it as a "lower-profile but highly impactful threat," Trellix said, "Phobos' approach focused on volume rather than high-profile targets, allowing it to maintain a steady stream of victims while remaining relatively under the radar." It also helped that the ransomware operation lacked a dedicated data leak site, which let it avoid drawing the attention of law enforcement and security researchers.

Jailbreaking LLM-Controlled Robots: New research from a group of academics at the University of Pennsylvania has found that it's possible to jailbreak large language models (LLMs) used in robotics, causing them to ignore their safeguards and cause physical harm in the real world. The attacks, dubbed RoboPAIR, have been demonstrated against "a self-driving LLM, a wheeled academic robot, and, most concerningly, the Unitree Go2 robot dog, which is actively deployed in war zones and by law enforcement," security researcher Alex Robey said. "Although defenses have shown promise against attacks on chatbots, these algorithms may not generalize to robotic settings, in which tasks are context-dependent and failure constitutes physical harm."

Expert Webinar

Building Secure AI Apps, No More Guesswork: AI is taking the world by storm, but are your apps ready for the risks? Whether it's guarding against data leaks or preventing costly operational chaos, we've got you covered. In this webinar, we'll show you how to bake security right into your AI apps, protect your data, and dodge common pitfalls. You'll walk away with practical tips and tools to keep your AI projects safe and sound. Ready to future-proof your development game? Save your spot today!

Protect What Matters Most: Master Privileged Access Security: Privileged accounts are prime targets for cyberattacks, and traditional PAM solutions often leave critical gaps.
Join our webinar to uncover blind spots, gain full visibility, enforce least privilege and Just-in-Time policies, and secure your organization against evolving threats. Strengthen your defenses; register now!

Master Certificate Replacement Without the Headache: Is replacing revoked certificates a total nightmare for your team? It doesn't have to be! Join our free webinar and learn how to swap out certificates like a pro: fast, efficient, and stress-free. We'll reveal how to cut downtime to almost zero, automate the entire process, stay ahead with crypto agility, and lock in best practices that'll keep your systems rock-solid. Don't let certificates slow you down; get the know-how to speed things up!

Cybersecurity Tools

Halberd: Multi-Cloud Security Testing Tool: Halberd is an open-source tool for easy, proactive cloud security testing across Entra ID, M365, Azure, and AWS. With a sleek web interface, it lets you simulate real-world attacks, validate defenses, and generate actionable insights, all at lightning speed. From attack playbooks to detailed reports and smart dashboards, Halberd makes tackling cloud misconfigurations a breeze.

BlindBrute: Your Go-To Tool for Blind SQL Injection: BlindBrute is a flexible Python tool designed to simplify blind SQL injection attacks. It detects vulnerabilities using status codes, content length, keywords, or time-based methods and adapts to various scenarios with customizable payloads. With features like database and column detection, data length discovery, and multiple extraction methods (character-by-character, binary search, or dictionary attack), BlindBrute makes data retrieval efficient. It also supports multithreading, customizable HTTP requests, and all major HTTP methods, making it a versatile option for complex SQL injection tasks.

Tip of the Week

Neutralize Threats with DNS Sinkholing: Ever wish you could cut off malware and phishing attacks before they even reach your systems?
That's exactly what DNS sinkholing does, and it's simpler than you think. By redirecting traffic headed to known malicious domains (used by botnets, phishing, or malware) to a "sinkhole" IP, the technique stops the connection at the name-resolution step, before it is ever made. All you need is a DNS server you control, a feed of current threat data from sources such as Spamhaus or OpenPhish, and a controlled sinkhole server to absorb the redirected connections. One caveat: a sinkhole only sees queries that pass through your resolver, so outbound DNS to other resolvers (and DNS-over-HTTPS to public providers) has to be blocked at the perimeter, or the malware simply goes around it.

But here's the kicker: DNS sinkholing doesn't just block threats; it's a detective, too. When infected devices try to reach sinkholed domains, their queries get logged, giving you a clear view of which endpoints are compromised. This means you can pinpoint the issue, isolate the infected devices, and fix the problem before it spirals out of control. Want to take it a step further? You can even set it up to alert users when threats are blocked, raising awareness and curbing risky behavior.

The best part? Pair DNS sinkholing with automated tools like SIEM systems, and you'll get instant alerts, detailed threat reports, and a real-time look at your network security. It's low-cost, high-impact, and incredibly effective, a modern, proactive way to turn your DNS into your first line of defense. Ready to level up your threat management game? DNS sinkholing is the tool you didn't know you needed.

Conclusion

This week's news shows us one thing loud and clear: the digital world is a battleground, and everything we use, our phones, apps, and networks, is in the crossfire. But don't worry, you don't need to be a cybersecurity expert to make a difference. Staying sharp about threats, questioning how secure your tools really are, and doing simple things like keeping software updated and using strong passwords can go a long way.
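The detective half of the DNS sinkholing tip above, as an added example that is not taken from the article: a Node.js script that turns a threat feed into response policy zone (RPZ) records pointing at a sinkhole address and then scans BIND-style resolver query-log lines for clients that asked for sinkholed names. The feed, the log lines, the client addresses and the sinkhole address (192.0.2.1, from the documentation range) are all constructed for the example, and the log format is an assumption about what the resolver writes.

```javascript
// Added example, not from the THN article: the "detective" half of DNS sinkholing.
// Given a feed of malicious domains and a resolver query log, it (a) emits the
// response policy zone (RPZ) records that send those names to a sinkhole address and
// (b) scans the log for clients that asked for sinkholed names. The feed, the log
// lines and the sinkhole address (192.0.2.1, a documentation address) are constructed.

const SINKHOLE_IP = '192.0.2.1';

// Constructed threat feed: one domain per line, '#' starts a comment.
const FEED = `
# constructed feed, not a real blocklist
bad-c2.example
phish-login.example
updates.evil.example
`;

function parseFeed(text) {
  return text
    .split('\n')
    .map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#'))
    .map((l) => l.toLowerCase().replace(/\.$/, ''));
}

// RPZ records, relative to the RPZ zone origin: the domain and everything under
// it resolve to the sinkhole, so the client's connection lands on a box you
// control instead of the attacker's.
function rpzRecords(domains, sinkholeIp = SINKHOLE_IP) {
  const records = [];
  for (const d of domains) {
    records.push(`${d} A ${sinkholeIp}`);
    records.push(`*.${d} A ${sinkholeIp}`);
  }
  return records;
}

// A query name is sinkholed if it is a feed domain or a subdomain of one.
// A plain endsWith would also match "notbad-c2.example", hence the leading dot.
function isSinkholed(qname, domains) {
  const name = qname.toLowerCase().replace(/\.$/, '');
  return domains.some((d) => name === d || name.endsWith('.' + d));
}

// Constructed query-log lines in BIND 9 format (assumption: the resolver logs
// "client [@0x...] <ip>#<port> (<name>): query: <name> IN <type> ...").
const QUERY_LOG = `
21-Nov-2024 09:14:02.118 client @0x7f3a1c002a60 10.10.4.17#53211 (www.microsoft.com): query: www.microsoft.com IN A + (10.10.0.1)
21-Nov-2024 09:14:05.402 client @0x7f3a1c002a60 10.10.4.17#53212 (bad-c2.example): query: bad-c2.example IN A + (10.10.0.1)
21-Nov-2024 09:14:05.911 client @0x7f3a1c00c4e0 10.10.9.3#41002 (cdn.updates.evil.example): query: cdn.updates.evil.example IN A + (10.10.0.1)
21-Nov-2024 09:15:10.003 client @0x7f3a1c002a60 10.10.4.17#53213 (bad-c2.example): query: bad-c2.example IN A + (10.10.0.1)
21-Nov-2024 09:15:44.777 client @0x7f3a1c00c4e0 10.10.9.3#41003 (notbad-c2.example): query: notbad-c2.example IN A + (10.10.0.1)
21-Nov-2024 09:16:01.220 client @0x7f3a1c011110 10.10.2.8#60001 (phish-login.example.org): query: phish-login.example.org IN A + (10.10.0.1)
`;

const LOG_RE = /client (?:@0x[0-9a-f]+ )?([\d.]+|[0-9a-f:]+)#\d+.*?query: (\S+) IN (\S+)/;

function parseLogLine(line) {
  const m = LOG_RE.exec(line);
  return m ? { client: m[1], qname: m[2], qtype: m[3] } : null;
}

// Returns one row per client that hit the sinkhole, busiest first:
// { client, count, names }. These are the endpoints to isolate and investigate.
function findInfectedClients(logText, domains) {
  const hits = new Map();
  for (const line of logText.split('\n')) {
    const q = parseLogLine(line);
    if (!q || !isSinkholed(q.qname, domains)) continue;
    const entry = hits.get(q.client) || { count: 0, names: new Set() };
    entry.count += 1;
    entry.names.add(q.qname.toLowerCase().replace(/\.$/, ''));
    hits.set(q.client, entry);
  }
  return [...hits.entries()]
    .map(([client, e]) => ({ client, count: e.count, names: [...e.names].sort() }))
    .sort((a, b) => b.count - a.count || a.client.localeCompare(b.client));
}

const feedDomains = parseFeed(FEED);
console.log(rpzRecords(feedDomains).join('\n'));
console.log(findInfectedClients(QUERY_LOG, feedDomains));
```

The two near-misses in the constructed log (notbad-c2.example and phish-login.example.org) are there on purpose: suffix matching without the leading dot, or prefix matching, would both produce false positives, and a sinkhole report that names the wrong endpoint wastes the responder's time.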
screencrush.com

Lilo & Stitch Debut in Live-Action in First Remake Teaser

The Disney live-action remake train rolls on with Lilo & Stitch, one of the final 2D animated movies from the studio and now a live-action remake from Dean Fleischer Camp (Marcel the Shell With Shoes On). The new version features a live-action cast, plus Stitch, who is still an animated creation, obviously, but now done in more realistic 3D digital animation instead of the hand-drawn kind.

You can get your first look at the live-action Stitch in the film's first teaser (video not reproduced here). I would assume that if you're planning on seeing Moana 2 in theaters this weekend, you'll almost certainly see it on the big screen there as well.

The original Lilo & Stitch premiered in the summer of 2002 and became a major hit for Disney. It told the story of a Hawaiian orphan named Lilo who strikes up a friendship with a furry alien troublemaker who winds up on Earth. After grossing nearly $300 million in theaters, Lilo & Stitch spawned several direct-to-video sequels, numerous animated series, a bunch of video games and now this remake.

Here is the new Lilo & Stitch's official synopsis:

A live-action reimagining of Disney's 2002 animated classic, Lilo & Stitch is the wildly funny and touching story of a lonely Hawaiian girl and the fugitive alien who helps to mend her broken family. Directed by Dean Fleischer Camp, the Oscar-nominated filmmaker behind the animated feature film Marcel the Shell with Shoes On, the film stars Sydney Elizebeth Agudong, Billy Magnussen, Tia Carrere, Hannah Waddingham, Chris Sanders, with Courtney B. Vance, and Zach Galifianakis, introducing Maia Kealoha.

Lilo & Stitch (in live-action) is scheduled to open in theaters on May 23, 2025.
weworkremotely.com

OnTheGoSystems: Recruiter

Are you passionate about connecting with talented people and helping them find their perfect fit? Do you thrive in a remote work environment and excel in recruiting for IT positions? If so, we'd love to hear from you!

At OTGS, we're looking for a dedicated and results-driven Recruiter to help us grow our global team. You'll play a crucial role in finding, attracting, and hiring top talent while ensuring a seamless and positive hiring experience for both candidates and hiring teams.

Must-Have
- 5+ years' experience as a recruiter, including at least 3 years in a remote-work setting with a focus on hiring for remote IT positions
- Hands-on experience with various selection processes (resume screening, video interviewing, reference checking, etc.)
- Hands-on experience with job boards and recruiting software
- Excellent verbal and written English communication skills, with the ability to engage candidates and internal team members effectively
- Strong decision-making skills
- Creative problem-solving and adaptability in challenging hiring situations
- Reliability and resourcefulness
- Enthusiasm for staying up-to-date with recruitment trends, tools, and best practices
- Flexibility and readiness to help with other HR-related responsibilities when needed
- Genuine care for candidate experience, ensuring every applicant has a positive interaction with OTGS

Nice-to-Have
- Expertise in Excel/Google Sheets
- Experience with using AI for recruitment needs
- Ability to speak other languages

Key Qualities
- Passionate about People: you are enthusiastic about connecting with people, understanding their strengths, and aligning them with the right opportunities.
- Result-Oriented and Self-Motivated: you have a proven track record of meeting hiring targets and achieving recruitment KPIs.
- Detail-Oriented and Organized: you are experienced in managing multiple roles simultaneously with efficiency, ensuring timely follow-ups and clear communication.
- Data-Driven Mindset: you use

What You'll Do
-  Collaborate with our HR, development, and marketing teams to understand their needs and requirements
- Come up with an advertising strategy and choose the best places to advertise for candidates
- Write great job descriptions
- Post jobs and do the initial candidate screening
- Manage the entire interview process
- Provide honest, constructive, and caring feedback to all candidates at all stages of the process
- Assess applicants' relevant knowledge, hard skills, soft skills, experience, aptitudes, and whether they will be a positive addition to our culture
- Take care of the reference check process
- Provide analytical and well-documented recruiting reports to the rest of the team
- Help with other HR-related tasks and activities if needed

What We Offer
- 100% remote position
- Body And Mind Movement (BAMM) program to support your physical activities and other hobbies
- A computer budget to make your workplace better
- A Kindle device with access to our company Amazon account
- We respect national holidays in each country and want you to rest on those days
- Being part of a team of smart, self-driven individuals
- Great opportunity to progress and advance
- Collaborating with team members across the globe

We're excited to hear from you and see what we can achieve together at OTGS!
WWW.TECHNOLOGYREVIEW.COM
How Trump's tariffs could drive up the cost of batteries, EVs, and more

President-elect Donald Trump's "America First" plan to enact huge tariffs on imported goods threatens to jack up the cost and slow down the development of US cleantech projects. On the campaign trail, Trump pledged to enact 10% to 20% across-the-board tariffs on all overseas products, 60% to 100% tariffs on Chinese goods, and 25% to 100% tariffs on products from Mexico, the last in part to prevent the flow of goods from Chinese companies setting up manufacturing plants there and in part to force Mexico to halt migration into the US. These plans could easily add billions of dollars to the prices that US companies, and therefore consumers, pay for batteries and electric vehicles, as well as the steel used to build solar farms, geothermal plants, nuclear facilities, transmission lines, and much more.

"This is going to raise the cost of clean energy and that will slow down the revolution," says David Victor, a professor of public policy at the University of California, San Diego, in reference to the otherwise accelerating development of low-emissions industries.

Trump's campaign rhetoric certainly hasn't always translated into enacted policies. But he has consistently asserted that tariffs will force companies to produce more goods on American soil, restoring US manufacturing, creating jobs, and easing the federal deficit, while inflicting economic pain on international economic rivals like China. "Tariffs are the greatest thing ever invented," Trump proclaimed at a rally in Flint, Michigan, in September.

But despite what Trump says or understands about tariffs, they are effectively a domestic tax paid by the US businesses purchasing those goods and passed on to American consumers in the form of higher prices. (Plenty of Republicans agree.)
Many economists and international affairs experts argue that such trade restrictions should be applied judiciously, if at all, because they can boost inflation, trigger retaliatory trade policies, chill investment, and stall broader economic growth.

The precise impact of Trump's proposed tariffs on any given sector will depend on how high the incoming administration ultimately sets those fees, how they compare to existing tariffs, where else the goods in question can be purchased, how companies and nations respond over time, and what other policies the administration enacts. But here are three areas where the costs of materials and products that are crucial to the energy transition could rise under the plans that Trump sketched out on the campaign trail.

Batteries

China is one of the world's largest producers of EVs, batteries, solar cells, and steel, but in part due to previous trade restrictions, the US doesn't rely heavily on the nation for most of these products (at least not directly).

"But there's one exception to that, and it's batteries," says Antoine Vagneur-Jones, head of trade and supply chains at BloombergNEF, a market research firm. "China absolutely dominates the battery sector."

According to a 2022 report from the International Energy Agency, the country produces around 85% of the world's battery anodes, 70% of its cathodes, and 75% of its battery cells. In addition, more than half of the global processing of lithium, cobalt, and graphite, key minerals used to produce lithium-ion batteries, occurs in China.

The US imported some $4 billion worth of lithium-ion batteries from China in the first four months of this year, according to BloombergNEF.

[Image: A Stihl employee assembling rechargeable batteries for tools. BERND WEIßBROD/PICTURE-ALLIANCE/DPA/AP IMAGES]

The US already has a variety of tariffs on Chinese goods in place. President Biden preserved many of the ones that Trump enacted during his first term, and he even increased a number of them earlier this year.
The White House said the action was taken in response to what it described as China's unfair trade practices. But it was just the latest action in a long-running, bipartisan quest to counter China's growing economic strength and grip on key components of the high-tech and cleantech sectors.

Still, Trump's proposed 60% to 100% tariffs would far exceed the ones currently set on batteries, which stand at 28.4% for EV batteries. On a $4 billion purchase, those border fees would add up to $2.4 billion at the low end, more than double the added cost under the current tariff rate, or (perhaps obviously) $4 billion at the high end, all else being equal.

Vagneur-Jones notes that even with a 60% tariff, Chinese batteries are so inexpensive that they would remain cost competitive with US-produced ones. But this would still represent a big jump over current costs for companies that need to buy batteries for EVs, home solar systems, or grid storage plants. And because China is such a dominant producer, US businesses would have limited paths for purchasing those batteries from other sources at similar volumes.

Steel

Steel is used in just about every single cleantech or climate-tech project today. Strong and durable, it forms vital parts of wind turbines, hydropower plants, and solar farms. All that steel has to come from somewhere, and for the most part, it's not the US.

Last year, the US imported 3.8 million tons of steel mill products valued at $4.2 billion from Mexico, according to data from the International Trade Administration's Global Steel Trade Monitor. Steel imported to the US from Mexico, the nation's second-largest supplier of the metal alloy, generally isn't subject to significant tariffs, so long as it was originally melted and poured in Mexico, Canada, or the United States. So a 25% to 100% tariff on the same value of steel would cost US companies an extra $1.1 billion to $4.2 billion (all else being equal and without accounting for fees on certain steel products).
(Earlier this year, the Biden administration did impose a 25% tariff on imports of steel from Mexico that were originally melted and poured in other nations, as part of an effort to prevent major suppliers like China from sidestepping tariffs. But those taxes apply only to a small fraction of shipments.)

[Image: Rolls of galvanized steel. ADOBE STOCK]

Meanwhile, Trump's 10% to 20% tariff on all nations could add up to that same amount to the cost of steel from other suppliers around the world, depending on how those compare to each nation's existing tariffs. That may, for example, lump up to $1.6 billion onto the nearly $8 billion worth of steel the US imported last year from Canada, the nation's largest source (all else being equal and without accounting for fees on certain steel products).

Those fees would boost the costs for any US company that uses steel that isn't supplied by domestic producers, including cleantech businesses building demo projects or commercial-scale facilities.

Plenty of projects will be spared, though. Those that are receiving various federal loans, grants, or tax incentives are generally already required to source their steel from the US, in which case they wouldn't be affected by such tariffs, explained Derrick Flakoll, a North America policy associate at BloombergNEF, in an email. But competition to secure limited supplies of domestic steel is likely to get more intense.

The US dominated global steel production during much of the last century, but it's now ranked a distant fourth, generating about one-twelfth as much as China last year, according to the World Steel Association.

"We went down the path of globalization," says Joshua Posamentier, co-founder and managing partner of Congruent Ventures, a climate-focused venture firm in San Francisco. "We are now utterly dependent on all the other parts of the world."
Electric vehicles

The US is the world's largest importer of EVs, purchasing nearly $44 billion worth of battery, hybrid, and plug-in hybrid cars and trucks last year, according to the World Trade Organization. It's the biggest export market for Germany and South Korea, according to BloombergNEF.

If Trump enacted a 10% to 20% tariff on all foreign goods, it would add between $4.4 and $8.8 billion in costs on the same volume of EV purchases (all else being equal and without adjusting for nation-by-nation fees already in place).

His still higher proposed tariffs on Mexico would add substantially bigger premiums on vehicles built in the country, which exported more than 100,000 EVs produced by auto giants including Ford and Chevrolet last year, according to the Mexican Automotive Industry Association. Meanwhile, BMW, Tesla and Chinese companies BYD and Jetour have all announced plans to produce EVs in Mexico.

[Image: A Porsche employee checks the paint on the body of an all-electric Porsche Macan, at the automaker's plant in Leipzig, Germany. JAN WOITAS/PICTURE-ALLIANCE/DPA/AP IMAGES]

While China is the world's largest manufacturer of EVs, Trump's hopes of levying a 60% to 100% tariff on the nation's goods probably wouldn't have a huge impact on that sector. That's because the nation already imports very few Chinese EVs. Plus, President Biden himself recently ratcheted up the tariff rate to 100%.

The broader impacts on EVs will likely be further complicated by the incoming Trump administration's reported plans to roll back federal rules and subsidies supporting the sector, including parts of the Inflation Reduction Act.
Repealing key provisions of Biden's signature climate law would work against the goal of countering China's dominance, as those federal incentives have already triggered a development boom for US-based battery and EV projects, says Albert Gore, executive director of the Zero Emission Transportation Association.

"It would undercut a lot of investment into manufacturing across the United States," he says.

The big concern

Applied sensibly, tariffs can help certain domestic industries, by enabling companies to compete with the lower costs of overseas producers, catch up with manufacturing innovations or product improvements, and counter unfair trade practices.

Some US cleantech companies and trade groups, including solar manufacturers like First Solar and Swift Solar, have argued in favor of stricter trade restrictions. Earlier this year, those and other companies represented by the American Alliance for Solar Manufacturing Trade Committee petitioned the federal government to investigate potentially illegal trade practices in Cambodia, Malaysia, and Vietnam. They alleged that China and Chinese-based companies have circumvented trade restrictions by shipping goods through distribution hubs in those countries and dumped goods priced below production costs in the US to seize market share.

Neither the companies nor the trade association responded to inquiries from MIT Technology Review concerning their view of Trump's proposals before press time. Nor did the American Clean Power Association, which represents developers of solar farms and has opposed recent duty increases, which can drive up the costs of such projects.

Over time, Trump's tariffs may indeed compel companies to bring more of their manufacturing operations back to the US and help diversify the global supply chain for crucial goods, UC San Diego's Victor says.
The tariffs are likely to fuel more mining and processing of critical minerals like lithium and nickel in the US, too, given both the increased costs on imported materials and the administration's plans to roll back environmental and permitting rules. "They love extractive sectors," says Jonas Nahm, an associate professor at the Johns Hopkins School of Advanced International Studies.

But the big concern is that Trump's plans to boost tariffs, cut government spending, and enact other policy changes could stall the broader economy, says Rachel Slaybaugh, a partner at DCVC, a San Francisco venture firm.

Indeed, the combined effects of Trump's proposals, including his pledge to deport hundreds of thousands to millions of workers, may drive up US inflation more than 4% by 2026 while cutting gross domestic product by at least 1.3%, according to an analysis by the Peterson Institute for International Economics, a nonpartisan research firm in Washington, DC. The tariffs alone could cost typical households an extra $2,600 per year. They may also trigger retaliatory measures by other nations, including China, which could impose their own steeper fees on US products or cut off the flow of crucial goods.

Slaybaugh expects to see a continued slowdown in venture investments into cleantech companies in the coming months, as investors wait to see how aggressively the Trump administration implements the various pledges he made on the campaign trail. That pause alone will make it harder for startups to secure the capital they need to scale up or sustain operations.

Even if the tariffs do eventually push US businesses to produce more of the goods currently being delivered cheaply and efficiently from elsewhere, it leaves a big problem when it comes to the clean energy transition: Given the higher expenses of US labor, land, and materials, it will simply cost far, far more to build the modern, low-emissions energy and transportation systems the nation now needs, Nahm says.
At this point, after China has spent decades and vast sums locking down global supply chains, scaling up production, and driving down manufacturing costs, it's foolhardy to believe that US businesses can easily step in and crank out these essential goods in relative global isolation, as Victor and his colleague, Michael Davidson, argued in a recent Brookings essay.

"Collaboration and competition, not hostility, are how we can catch up to the world's largest supplier of clean technology products," they wrote.
WWW.CNET.COM
CNET Money's Expert Review Board
Real people. Real advice.
WWW.CNET.COM
Voyager 1 Activated a Radio It Hadn't Used in 40 Years

The iconic space probe Voyager 1 was the first manmade object to escape the solar system, traveling at a maximum speed of 38,000 MPH for 35 years to accomplish the feat. The probe initially launched on Sept. 5, 1977, and when tech gets that old, it's bound to run into some issues. Voyager 1 gave NASA a scare last month when the space agency lost track of it for a few days, only to find it again on a different radio frequency when the probe switched to a radio it hadn't used since the 1980s.

The drama began on Oct. 16 when NASA engineers told Voyager 1 to turn on one of its heaters. Voyager 1 should have had enough power left in its banks to turn on the heater without issue, but an unknown event caused it to trigger its fault-protection system, a system that enables and disables various instruments on the probe to help save power. Due to radio transmissions taking nearly a full day to reach Earth from beyond the solar system, NASA didn't know it had lost contact with Voyager 1 until Oct. 18.

[Image: A computer-generated image of Voyager's position relative to the solar system as of October 2024. NASA]

At the time, the probe had reduced power to its X-Band radio, which caused it to transmit on a different frequency. NASA was able to regain contact by sweeping the X-Band frequencies for a short while only to lose contact again on Oct. 19. This time, NASA found out that Voyager 1 had disabled the X-Band radio entirely and switched instead to the S-Band radio, a radio that Voyager 1 hadn't used since 1981. NASA sent a test signal to confirm that the S-Band radio was, in fact, switched on and received a response on Oct. 24.

NASA says that it's going to leave the S-Band radio on for the time being while it figures out why the fault protection system kicked on to return Voyager to normal operations, including restoring the X-Band radio to service.

Nearly 50-year-old tech

Voyager 1 and Voyager 2 have been through their fair share of issues. Voyager 1 had technical issues in 2023 that required fixing before the probe started sending science data again in June 2024, while Voyager 2 had some instruments shut down to conserve power in October 2024.

Both probes are in reasonably good health for their ages, but neither probe is getting any younger. Both probes are powered by radioisotope thermoelectric generators. These generators contain plutonium that is continually decaying, and the generators use the heat generated from the decay to power the probes.

As the material continues to decay, the amount of heat it generates lessens, thus supplying Voyager 1 and 2 with less power as time goes on. To combat this effect, NASA has been periodically shutting down non-essential systems to keep both probes flying and working for as long as possible.

Currently, both probes have a variety of systems turned off to conserve power, including the imaging subsystem responsible for the iconic blue dot photo of Earth. Some of the science instruments are still online, though, and are still transmitting data. Those instruments continue to provide valuable data about the universe outside of our solar system, including the ever-present interstellar gas that Voyager 1 continues to float through to this day.
WWW.SCIENTIFICAMERICAN.COM
Dr. Oz Invested in Businesses Regulated by Agency Trump Wants Him To Lead
November 25, 2024

Celebrity doctor Mehmet Oz recently held broad investments in healthcare, tech, and food companies
By Darius Tahir & KFF Health News

[Image: Mehmet Oz, celebrity physician and US Republican Senate candidate for Pennsylvania, speaks during a town hall in Bell Blue, Pennsylvania, US, on Monday, May 16, 2022. Rachel Wisniewski/Bloomberg via Getty Images]

President-elect Donald Trump's choice to run the sprawling government agency that administers Medicare, Medicaid, and the Affordable Care Act marketplace, celebrity doctor Mehmet Oz, recently held broad investments in health care, tech, and food companies that would pose significant conflicts of interest.

Oz's holdings, some shared with family, included a stake in UnitedHealth Group worth as much as $600,000, as well as shares of pharmaceutical firms and tech companies with business in the health care sector, such as Amazon. Collectively, Oz's investments total tens of millions of dollars, according to financial disclosures he filed during his failed 2022 run for a Pennsylvania U.S. Senate seat.

Trump said Tuesday he would nominate Oz as administrator of the Centers for Medicare & Medicaid Services. The agency's scope is huge: CMS oversees coverage for more than 160 million Americans, nearly half the population. Medicare alone accounts for approximately $1 trillion in annual spending, with over 67 million enrollees.

UnitedHealth Group is one of the largest health care companies in the nation and arguably the most important business partner of CMS, through which it is the leading provider of commercial health plans available to Medicare beneficiaries. UnitedHealth also offers managed-care plans under Medicaid, the joint state-federal program for low-income people, and sells plans on government-run marketplaces set up via the Affordable Care Act. Oz also had smaller stakes in CVS Health, which now includes the insurer Aetna, and in the insurer Cigna.

It's not clear if Oz, a heart surgeon by training, still holds investments in health care companies, or if he would divest his shares or otherwise seek to mitigate conflicts of interest should he be confirmed by the Senate. Reached by phone on Wednesday, he said he was in a Zoom meeting and declined to comment. An assistant did not reply to an email message with detailed questions.

"It's obvious that over the years he's cultivated an interest in the pharmaceutical industry and the insurance industry," said Peter Lurie, president of the Center for Science in the Public Interest, a watchdog group. "That raises a question of whether he can be trusted to act on behalf of the American people." (The publisher of KFF Health News, David Rousseau, is on the CSPI board.)

Oz used his TikTok page on multiple occasions in November to praise Trump and Robert F. Kennedy Jr., including their efforts to take on the "illness-industrial complex," and he slammed "so-called experts" like the big medical societies for dishing out what he called bad nutritional advice.
Oz's positions on health policy have been chameleonic; in 2010, he cut an ad urging Californians to sign up for insurance under President Barack Obama's Affordable Care Act, telling viewers they had a "historic opportunity."

Oz's 2022 financial disclosures show that the television star invested a substantial part of his wealth in health care and food firms. Were he confirmed to run CMS, his job would involve interacting with giants of the industry that have contributed to his wealth.

Given the breadth of his investments, it would be difficult for Oz to recuse himself from matters affecting his assets, if he still holds them. "He could spend his time in a rocking chair if that happened," Lurie said.

In the past, nominees for government positions with similar potential conflicts of interest have chosen to sell the assets or otherwise divest themselves. For instance, Treasury Secretary Janet Yellen and Attorney General Merrick Garland agreed to divest their holdings in relevant, publicly traded companies when they joined the Biden administration.

Trump, however, declined in his first term to relinquish control of his own companies and other assets while in office, and he isn't expected to do so in his second term. He has not publicly indicated concern about his subordinates' financial holdings.

CMS' main job is to administer Medicare. About half of new enrollees now choose Medicare Advantage, in which commercial insurers provide their health coverage, instead of the traditional, government-run program, according to an analysis from KFF, a health information nonprofit that includes KFF Health News.

Proponents of Medicare Advantage say the private plans offer more compelling services than the government and better manage the costs of care. Critics note that Medicare Advantage plans have a long history of costing taxpayers more than the traditional program. UnitedHealth, CVS, and Cigna are all substantial players in the Medicare Advantage market.
It's not always a good relationship with the government. The Department of Justice filed a 2017 complaint against UnitedHealth alleging the company used false information to inflate charges to the government. The case is ongoing.

Oz is an enthusiastic proponent of Medicare Advantage. In 2020, he proposed offering Medicare Advantage to all; during his Senate run, he offered a more general pledge to expand those plans. After Trump announced Oz's nomination for CMS, Jeffrey Singer, a senior fellow at the libertarian-leaning Cato Institute, said he was uncertain about Dr. Oz's familiarity with health care financing and economics. Singer said Oz's Medicare Advantage proposal could require large new taxes, perhaps a 20% payroll tax, to implement.

Oz has gotten a mixed reception from elsewhere in Washington. Pennsylvania Sen. John Fetterman, the Democrat who defeated Oz in 2022, signaled he'd potentially support his appointment to CMS. "If Dr. Oz is about protecting and preserving Medicare and Medicaid, I'm voting for the dude," he said on the social platform X.

Oz's investments in companies doing business with the federal government don't end with big insurers. He and his family also hold hospital stocks, according to his 2022 disclosure, as well as a stake in Amazon worth as much as nearly $2.4 million. (Candidates for federal office are required to disclose a broad range of values for their holdings, not a specific figure.)

Amazon operates an internet pharmacy, and the company announced in June that its subscription service is available to Medicare enrollees. It also owns a primary care service, One Medical, that accepts Medicare and select Medicare Advantage plans.

Oz was also directly invested in several large pharmaceutical companies and, through investments in venture capital funds, indirectly invested in other biotech and vaccine firms. Big Pharma has been a frequent target of criticism and sometimes conspiracy theories from Trump and his allies.
Kennedy, whom Trump has said he'll nominate to be Health and Human Services secretary, is a longtime anti-vaccine activist.

During the Biden administration, Congress gave Medicare authority to negotiate with drug companies over their prices. CMS initially selected 10 drugs. Those drugs collectively accounted for $50.5 billion in spending between June 1, 2022, and May 31, 2023, under Medicare's Part D prescription drug benefit. At least four of those 10 medications are manufactured by companies in which Oz held stock, worth as much as about $50,000.

Oz may gain or lose financially from other Trump administration proposals. For example, as of 2022, Oz held investments worth as much as $6 million in fertility treatment providers. To counter fears that politicians who oppose abortion would ban in vitro fertilization, Trump floated during his campaign making in vitro fertilization treatment free. It's unclear whether the government would pay for the services.

In his TikTok videos from earlier in November, Oz echoed attacks on the food industry by Kennedy and other figures in his "Make America Healthy Again" movement. They blame processed foods and underregulation of the industry for the poor health of many Americans, concerns shared by many Democrats and more mainstream experts.

But in 2022, Oz owned stakes worth as much as $80,000 in Domino's Pizza, Pepsi, and US Foods, as well as more substantial investments in other parts of the food chain, including cattle; Oz reported investments worth as much as $5.5 million in a farm and livestock, as well as a stake in a dairy-free milk startup. He was also indirectly invested in the restaurant chain Epic Burger.

One of his largest investments was in the Pennsylvania-based convenience store chain Wawa, which sells fast food and all manner of ultra-processed snacks.
Oz and his wife reported a stake in the company, beloved by many Pennsylvanians, worth as much as $30 million.

KFF Health News, formerly known as Kaiser Health News (KHN), is a national newsroom that produces in-depth journalism about health issues and is one of the core operating programs at KFF, the independent source for health policy research, polling, and journalism.