On a gray afternoon in Paris, the Montreal-born interior designer Martin Brlwho keeps offices in Brooklyn and here, just off the Tuileries Garden, in a neighborhood of fine art and antiques galleriesstudied photographs on his phone of a recent project in Surfside, Florida. The sun! Brl says with a little laugh and a small sigh.His clients had come to him with an apartment in one of the two residential towers added in 2017 to the citys historic Surf Club, which opened nearly a century ago. Richard Meier, the architect of the towers, delivered a pitch-perfect update to the clubs Mediterranean Revival style and country-club-on-a-beach sensibility, says Brl, and the long and open layout of the original three-bedroom residence, which the renovation saw converted into a one-bedroom pied--terre with an office and a yoga room, wasnt anything either the owners or Brl had a mind to change.Adrian GautThe dining room of a holiday apartment in Surfside, Florida, in a Richard Meierdesigned building with interiors by Martin Brl Studio. The pendant is by Patrice Dangel for Galerie Alexandre Biaggi, the tapestry by Emilio Terry, and the travertine surfboard by Reena Spaulings. The dining table is custom, the rug is by Diurne, and the plates are by Matthieu Coss.Its a quite casual apartment, says Brl. Its like a very big hotel suite. Thats what the clients wanted. (The Surf Clubs residential towers are serviced by the Four Seasons.) Because this was to be such an easy-breezy place, a utilitarian address at which the owners wished not to entertain but to unbutton, Brl instated just enough color and texture to reach an at-home register. Usually, Im layering and layering, says the designer, who has a penchant for furniture and objects from the 1930s and 40s. But here theres an intentional spareness, a boat vibe, he says. He paneled half of the apartment, including the family room, in oak shiplap, the wood pickled and wire brushed into a state of perfect relaxedness.Adrian GautThe kitchens backsplash and ceiling tiles are custom-painted by Matthieu Cosse. The cabinetry is by Boffi, the custom runner is by Cogolin, and the fittings are by Rubinetterie Stella.He set that room with a television and a custom sofa, club chairs, and an ottoman, all of which he draped in a striped wool Raf Simons for Kvadrat fabric. There is a discreet Cogolin rug and, smartly, not much else: a crystal teal vase and an Art Deco scallop-shaped sconce, which glows like a fistful of light. In Surfside, Brls serenely sophisticated touch also favors ceramic, raffia, and stone: A surfboard leans against a wall in the dining room, but its a sculpture, carved from tonal orange-red travertine as if in observance of the natural cadence of sunrise and sunset.An adjacent Emilio Terry tapestry records the meandering forms of red coral and green seaweed in a frame of white shells. Theres actually no art that can be affected by the sun, he says, stressing just how carefully he dialed down into unfussy design.See More of This Dreamy Pied--TerreThe galley kitchen had no windows and glossy white cabinetry that the clients opted to retain: Brl prescribed custom tiles hand-painted by the Parisian artist Matthieu Coss, whose minimalist brushstrokes effect a horizon scene on the walls and ceiling in which mer meets terre under a cloud-tufted sky. (Coss, who has created frescoes for the Herms flagship on Pariss rue de Svres, and whose work recalls the tattoos wrought by Jean Cocteau on the walls of his villa on the Cte dAzur, also produced a series of dinnerware drawn with marine life for the project.) Lightness of being is what that is, Brl says.Its a quite casual apartment...like a very big hotel suite. Martin BrlThe bedroom may be the lightest of all. Oak wainscoting rises just above a headboard covered in a raw silk-cotton fabric by Jim Thompson in a shade between aquamarine and seafoam. Brl covered the wall above the wainscoting, which is encrusted with a ceramic installation by Cocobolo, in the same dynamic blue-green.Adrian GautA Jim Thompson fabric covers the walls and headboard in the bedroom. The ceramic wall sculpture is by Cocobolo, the table lamps are by Collier Webb, and the bedspread is by Frette.The color reflects in the mirrors of the vanity nook opposite the bed, which Brl converted from a closet, and rhymes with the water that constantly, visibly laps the beach below the living room, a space the designer fitted with vintage rattan club chairs by Henry Olko and a low travertine table like a full moon, an allusion that Brl barely acknowledges, perhaps because its so obvious.This building and this sixth-floor pied--terre are programmed for water and sky, he says, gesturing again at the ocean view out the windows and off the expansive terrace, which he furnished with aluminum tables and chairs by McKinnon and Harris, finished with bespoke cushions. I want the clients to lounge about and enjoy that view. Everything is simply about that view.This story originally appeared in the Winter 2025 issue of ELLE DECOR. SUBSCRIBE

When interior designer Minnette Jackson and her family relocated from Nashville to Houston, the fresh start came with an opportunity to once again turn an unfamiliar setting into a home. I had slowly made our previous home a place we loved to be and to entertain, and now I got to repeat the process in a new place, says designer. My goal is always to create something classic, fresh, and livable but still have an air of everyday elegance, even with kiddos running around. The 1935 brick homes dreary yellow exterior didnt stop Jackson from seeing its charm. A turret on the front of the house, a nod to Tudor-style architecture, drew her in. The house needed a handful of immediate upgrades, like new windows and a partial foundation repair, but the four-bedroom, three-and-a-half-bathroom property was otherwise in great shape. The biggest change came in painting the whole house and in refreshing the kitchen, she says.The kitchen layout and cabinetry were good enough to keep, but just about everything elsecountertops, backsplash, hardware, lighting, and most of the paintwas changed to make the space light and bright. In the living room, Jackson honored the history of the house by adding elliptical arches to openings where the previous owner had removed the original casework. A little powder bath also got a big reworkthe new blue-and-white Sandberg wallpaper is reminiscent of the neighborhoods oak trees.Coats of baby blue, crisp white, and soft cream paint revitalize the property inside and out. There was a moment right after the painter started painting the exterior where I wasnt sure about the color, Jackson says of the shade Ballet White by Benjamin Moore. I almost panicked but then looked closely at the bucket and realized the store had mixed the color wrong. Thank goodness he had only just begun painting, and it was an easy fix!Throughout the 3,200-square-foot-space, Jackson mixed antiques and contemporary furnishings and decor. I do love objects with a story and incorporated several pieces that were in my family or my husbands family, as well as pieces we found together while traveling, Jackson says. Though the renovation was largely cosmetic, Jackson says the house feels much bigger now. And most importantly, it feels like a place where everyone who enters will feel happy and welcome.EntrywayPr BengtssonThe front door of our home is in the turret on the front of the house, so you enter into this airy, two-story space with the original leaded glass above the door, Jackson says. The footprint is small, so I found a shallow piece to go along the wall, this antique Italian bench.As for the art, Jackson calls out the large-scale painting by artist Ashley Longshore (left) as it's both bold in presence but elegant in subject matter; The birds feel a bit like they are flying above you. I love the pairing and how it greets you.Wall art (right): Michael Allen Lowe. Bench: antique, upholstered in Lee Jofa cut velvet. Rug, chest, and lamp: antique.Living RoomPr BengtssonOur living room is long and narrow and was a little tricky to layout, Jackson admits. She ended up creating two seating areas, and she says, I particularly love this end of the room and how cozy it is. At night, its a lovely place to sit with the glow of the brass floor lamps and a favorite cocktail.The Creative Flooring rug is an indoor-outdoor rug, which Jackson notes has been tested many times over.Lamps: Galerie des Lampes. Wall art: Will Berry. Wall paint: custom, by Pittsburgh Paints. Curtains: Joseph Noble, with Schumacher trim. Chairs: vintage, in strie velvet with Samuel & Sons trim. Sofa: vintage. Table: antique.KitchenPr BengtssonIt was a bit dark, with a strange mix of colors, Jackson says of the original kitchen. Ceramic lighting, cream paint, and warm nickel finishes now make it feel inviting.Pendants: Devol Kitchens. Bar stool slipcovers: Pindler. Faucet: Rohl. Counters: Arabescato marble, Bespoke Countertops. Cabinetry paint: customPr BengtssonWhen Jackson and her family moved into this house, the designer had no clue how much theyd actually use their small but mighty breakfast nook in the corner of the kitchen. We start every morning with a kid breakfast and end most days with casual dinners here, she says, noting that the glossy modern table and woven chairs are easy to clean. Bonus is that this little nook looks out on our front courtyard, and its a nice place to sit with your coffee as you gather your thoughts.Table: AllModern. Chairs: Sika Designs. Wall paint: custom. Wall art: vintageDining RoomPr BengtssonThe dining room opens right out onto our back patio, so I felt the room called for an organic element to temper the more formal pieces, Jackson says. I used a neutral paper weave to add an earthy element, while the silk DeGournay panels and vintage stools give a luxe factor. I do love to entertain, and we eat here often! Wallpaper: Cowtan & Tout. Table: Phillips Scott. Chandelier: Niermann Weeks for Visual Comfort. Chair fabric: Fabricut. Wall art: vintage DeGournay hand-painted silk panels via Jessica Lev Antiques. Mirror, lamps, and rug: antique.Powder RoomPr BengtssonIts tiny with just enough room for the toilet and pedestal sink, so I wanted it to become a jewel box, Jackson says. The Sandberg wallpaper was perfect, especially given our neighborhoods hallmark oak trees. A contemporary wall light gives a soft glow thats ultra-flattering for guests.Ceiling and trim paint: Van Courtland Blue, Benjamin Moore. Sconce: Visual Comfort. Fixtures: Newport Brass. Mirror: antique.Primary BedroomPr BengtssonOur bedroom has windows on three sides, so it feels a bit like you are perched up in your own private little treehouse, Jackson says. I wanted to keep the feeling serene and went with a palette of watery blues and greens.Wall paint: Sea Salt, Sherwin-Williams. Light fixture: West Elm. Bedding: Matouk. Accent pillow fabric: Cowtan & Tout. Bench: Bliss Studio, in Schumacher fabric. Headboard: custom, in Kerry Joyce fabric. Rug: Oushak, purchased in Istanbul. Nightstand and mirror: antique.NurseryPr BengtssonA vintage Herms scarf, framed above the crib, inspired this whole room. With graduated blues and a menagerie of charming hot air balloons floating through the design, I let those colors guide me, she says.Even though hes still very young, her son is not likely to outgrow the Phillip Jeffries wallcovering, blue linen curtains with Samuel & Sons trim, and ottoman in blue Schumacher performance linen. It is very sweet for a little baby boy but can easily grow with him as the furniture changes, Jackson says.Crib: Jenny Lind. Crib sheet: Biscuit Home. Chair: Jessica Charles. Ottoman trim: Travers.Guest BedroomPr BengtssonThis room has a vaulted ceiling and gets the best light Jackson says. I knew I wanted to use a mix of earthy elements and also incorporate this blue-and-white pattern we had in our former home.For the drapery, Jackson reused curtains from her parents house. I had a workroom cut it down and add trim, the designer says. Most of the cost was in the laborI saved big on the materials.Another DIY are the bracket shelves above the bed, which Jackson collected and painted herself. I was having a hard time finding what I saw in my head, so I just collected several vintage ones in weird colors and painted them to match, she says. I love finding little objects and rehabbing them.Wall paint: Pointing, Farrow & Ball. Bedding: Matouk. Nightstand: Ballard Designs. Table lamp: Regina Andrews, with Fermoie lampshade. Figurines: Fitz & Floyd. Headboard, chair, and ottoman: custom. Mirror: vintage John Widdicomb.BackyardPr BengtssonOur back area is compact, so I like to think of it as more of a little garden terrace, Jackson says of the space, where evening dinners and occasional breakfasts are held when the weather is nice. The antique Chicago brick is laid in a herringbone pattern and suits the house beautifully.Jackson also invested in landscaping for the property thanks to Gregory/Henry Landscapes. Neighbors actually stop me and say how nice it looks now, the designer adds.Awning: Awnings Houston. Tablecloth: Cotton Print Club via Etsy. Exterior paint: Ballet White, Benjamin Moore (at 75 percent strength). Chairs: vintage.Follow House Beautiful on Instagram and TikTok.

The innovative manufacturer Cosentino has long been renowned for its high-quality, incredibly durable engineered surfaces that peerlessly emulate the look of natural stone. Along the way, it's also become known for its attention to sustainability in its manufacturingand the company continues to raise the bar on both fronts.In fact, Cosentino has as one of its stated missions to minimize environmental impact. Accordingly, its production processes are fully powered by electricity from renewable sources. Heat from the kilns used to produce its surfaces is recovered with a sophisticated energy-management system and then used in other steps of the manufacturing process, reducing emissions further.Most recently, Cosentino has gone next-generation for the updated version of its signature surface, Silestone, with a technology called Hybriq+, which drastically reduces its crystalline silica content to a maximum of 10 percent. Yet form was in no way sacrificed for function: Hybriq+ uses a proprietary mix of minerals that result in natural-looking luster, color, and depth, as evidenced by the new, beautifully veined Le Chic Bohme collection.Watch the video above to learn more about Cosentino's commitment to sustainability and the Le Chic Bohme line, on a tour of the brand's new state-of-the-art showroom we were given by its general manager, Victor Manuel Garcia.

9to5Mac Security Bite is exclusively brought to you by Mosyle,the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.Each year, Moonlock Lab, the cybersecurity research wing of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics its seeing through internal data.// the era of AI-powered malwareIts been long speculated that threat actors have been working hard behind the scenes to turn AI tools into AI accomplices. Now it appears weve gotten our first-look at how its being done. Screenshots from darknet forums show that attackers are using AI tools, such as ChatGPT, to guide them through complex malware creation processes. A notable example is a Russian-speaking threat actor known as barboris, who openly shared their experience of developing a macOS stealer without any prior coding experience.With just a few prompts, attackers can generate scripts and implement advanced techniques that would have required significant expertise in the past. The barrier to entry is lower than ever, and AI has become a new ally for cybercriminals seeking to launch macOS-focused campaigns, Moonlock Lab states in its report.This situation is alarming for several reasons. Mainly: what once required significant technical expertise can now be accomplished by virtually anyone with internet access. This year, its likely we are witnessing a fundamental shift in malware development. No longer is this a trade exclusively for skilled programmers. In essence, this represents the decentralization of cybercrime.However, working with code can still be challenging for criminals. This is where MaaS has a hold.// MaaS dominatesThe darknet has experienced a surge in discussions around bypassing macOS defenses and distributing malware-as-a-service (MaaS) in 2024, according to the report from Moonlock Lab.Currently, cyber gangs like AMOS operate as highly profitable MaaS businesses. In this model, malware developers (or operators) create the software, while affiliates, typically those with less technical knowledge, pay to access the malicious package and direct it toward their chosen targets. A sought after solution for affiliates (criminals) with near-zero technical ability.These affiliates would pay a fee to license the malware package. This can either be a one-time payment or a more affordable recurring subscription. Operators dealing in ransomwareknown as Ransomware-as-a-Serviceoften take a cut from any ransom payment received.According to Moonlock, the rise of MaaS has lowered the entry barrier for cybercriminals, with services that previously cost tens of thousands now available for around $1,500 per month. This price drop is likely due to increased competition, as there has been a surge in MaaS providers like RansomHub.// what you can doIf youre a regular reader of Security Bite, you probably already know some of this information. However, the best advice remains the same: keep your software up to date, only download apps from trusted sources, and consider using a third-party security solution for added protection. I personally recommend MacPaws CleanMyMac, which offers real-time malware detection.The days of believing that Macs dont get viruses are long gone.For more detailed info, I highly encourage you to check out Moonlock Labs full report.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Apple on Tuesday quietly released a firmware update for the Beats Solo Buds, the entry-level earbuds that were introduced earlier this year under the Beats brand. Read on as we detail more about the update and how to install it on the earbuds.Apple updates Beats Solo Buds firmwareThe new firmware available for the Beats Solo Buds has the build number 3A130 and is the first update available for the earbuds since their launch. The previous firmware, the one that shipped with the earbuds, is 3A130.Apple doesnt typically provide release notes for firmware updates like this, so we dont yet know if the update adds any new features. In August, the company released an update for the Beats Studio Pro headphones that added support for the multi-user audio sharing feature.Just like updating AirPods, the process of updating the firmware of Beats headphones is quite obscure. Theres no way to install firmware updates manually via iOS devices the process happens automatically when the earbuds are near an iPhone or iPad connected to the internet. However, Android users can use the official Beats app to easily install firmware updates.The new Beats Solo Buds are a cheaper alternative to wireless earbuds like the entry-level AirPods. Despite the lack of some more advanced features like Active Noise Cancellation, ear detection for auto play/pause and Transparency Mode, they offer 18 hours of battery life and integration with both iOS and Android.Apple sells Beats Solo Buds for $79, but you can find them for just $49 on Amazon.Did you find any new features with todays firmware update? Let us know in the comments section below.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Good God.Moon ShotSpaceX stock, to invoke a crypto but aptly spacefaring-related cliche, is going to the Moon.The Elon Musk-owned space company is currently in talks to sell off private shares held by employees and other insiders at an even higher than expected price that would skyrocket the venture's valuation to $350 billion, Bloomberg reports, in a deal known as a tender offer. The predicted price had previously been around $255 billion.This would put SpaceX, already one of the most valuable private companies in the world, into an entirely different galaxy from its peers. The next closest private organization in terms of market cap would be TikTok parent company ByteDance, at $300 billion,and nothing in the private space sector would even come close.The news comes as Musk, who owns a 42 percent stake in SpaceX, has dramatically aggrandized not only his business empire, but his equally formidable personal fortune following the election of presidential candidate Donald Trump, whom he backed with hundreds of millions of dollars of his own money. Musk's net worth now stands at nearly $350 billion or just about one SpaceX, now that you mention it.Keeping SpaceAs with many Musk ventures, the hype with SpaceX is unreal.This results in a significant gulf between its perceived value and its revenue the money it actually makes which topped at "just" an estimated $8.7 billion in 2023 (though it's expected to be higher for this year). The comparably-sized ByteDance, for comparison, had a revenue of around $110 billion last year.SpaceX remains an indispensable launch provider in the US. Most of all, NASA relies on its Falcon 9 rocket and its Crew Dragon spacecraft to ferry its astronauts to the International Space Station.The space agency will also be counting on SpaceX's flagship rocket, Starship, to play a headlining role in its ambitious mission to return astronauts to the lunar surface for the first time in over fifty years.Besides government contracts, SpaceX generates billions of dollars in revenue through Starlink, its satellite-based internet service, which it can maintain using its own rockets.Money TalksSpaceX's jump in value is a testament to the resilience of Musk's brands, even though his personal image has sullied among some in recent years with his ardent support for far-right politics.Whatever its owner's cultural cachet, SpaceX is set to be more valuable than any other private company on Earth, and Tesla's stock is up nearly 45 percent in the past month, following the election.Despite the undeniable successes of both ventures, they still have some major proving to do. SpaceX is yet to perfect Starship and show that it's reusable and thereby cost effective. Tesla, meanwhile, is weathering the controversy surrounding its shoddy Cybertruck and self-driving tech, and is also in the middle of making a huge gamble with its robotaxi pivot.For now, though, there're no brakes on the hype train.Share This Article

Did Jaguar want its own Cybertruck moment?Forced JassificationOld-world luxury automaker Jaguar has announced that it's pulling a 180 with a new electric concept car dubbed the Type 00 a coupe that looks absolutely nothing like anything the company has built in its 102-year history.The painfully yassified rebranding, which includes a soulless sans-serif-type logo, had the internet in a toxic mix of shock and apprehension. The Type 00 surfaced in an unnerving "Miami Pink" hue, coming off more as a desperate attempt to appear relevant than a reincarnation of an automotive icon.It also drew plenty of comparisons to one of the most controversial vehicles ever developed."Its big, its pink and it looks like the result of a struggle cuddle between a Cybertruck, Lady Penelopes Rolls Royce, and an air conditioning unit but I like it!" one X user tweeted."Jaguar's new concept car looks like Barbie redesigned a Cybertruck," reporter Jen Dudley-Nicholson wrote.Pink AgainAccording to Jaguar chief creative officer Gerry McGovern, the fully-electric Type 00 is the result of the company throwing away the rulebook."Type 00 is a pure expression of Jaguars new creative philosophy," McGovern said in a statement. "This is the result of brave, unconstrained creative thinking, and unwavering determination. It is our first physical manifestation and the foundation stone for a new family of Jaguars that will look unlike anything youve ever seen."That's an understatement. The concept car is over 16 feet long and trades in smooth and aerodynamic body lines for brutalist hard edges and an unapologetic peak into a garish eyesore of the future.Of course, the Type 00 is little more than a concept and it's anyone's guess whether the production version will look even remotely like it.Besides likely turning plenty of heads, Jaguar claims the car will have a range of up to 430 miles and the ability to top up 200 miles in just 15 minutes of fast charging.Share This Article

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance."An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2014.As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware.The malicious activity is also notable for the integration of the Mozi botnet, which allows the botnet to further expand in size and scope.As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog last month, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate it by December 3, 2024.Users of Cisco ASA are highly recommended to keep their installations up-to-date for optimal protection and to safeguard against potential cyber threats.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Dec 03, 2024Ravie LakshmananEndpoint Security / VulnerabilityCybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems."By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access with minimal effort," AmberWolf said in an analysis.In a hypothetical attack scenario, this plays out in the form of a rogue VPN server that can trick the clients into downloading malicious updates that can cause unintended consequences.The result of the investigation is a proof-of-concept (PoC) attack tool called NachoVPN that can simulate such VPN servers and exploit the vulnerabilities to achieve privileged code execution.The identified flaws are listed below -CVE-2024-5921 (CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto Networks GlobalProtect for Windows, macOS, and Linux that allows the app to be connected to arbitrary servers, leading to the deployment of malicious software (Addressed in version 6.2.6 for Windows)CVE-2024-29014 (CVSS score: 7.1) - A vulnerability impacting SonicWall SMA100 NetExtender Windows client that could allow an attacker to execute arbitrary code when processing an End Point Control (EPC) Client update. (Affects versions 10.2.339 and earlier, addressed in version 10.2.341)Palo Alto Networks has emphasized that the attacker needs to either have access as a local non-administrative operating system user or be on the same subnet so as to install malicious root certificates on the endpoint and install malicious software signed by the malicious root certificates on that endpoint.In doing so, the GlobalProtect app could be weaponized to steal a victim's VPN credentials, execute arbitrary code with elevated privileges, and install malicious root certificates that could be used to facilitate other attacks.Similarly, an attacker could trick a user to connect their NetExtender client to a malicious VPN server and then deliver a counterfeit EPC Client update that's signed with a valid-but-stolen certificate to ultimately execute code with SYSTEM privileges."Attackers can exploit a custom URI handler to force the NetExtender client to connect to their server," AmberWolf said. "Users only need to visit a malicious website and accept a browser prompt, or open a malicious document for the attack to succeed."While there is no evidence that these shortcomings have been exploited in the wild, users of Palo Alto Networks GlobalProtect and SonicWall NetExtender are advised to apply the latest patches to safeguard against potential threats.The development comes as researchers from Bishop Fox detailed its approach to decrypting and analyzing the firmware embedded in SonicWall firewalls to further aid in vulnerability research and build fingerprinting capabilities in order to assess the current state of SonicWall firewall security based on internet-facing exposures.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Shane Snider, Senior Writer, InformationWeekDecember 3, 20243 Min ReadAndrii Yalanskyi via Alamy StockThe Federal Trade Commission (FTC) on Tuesday announced action against Gravy Analytics and Venntel Inc. and a separate action against Mobilewalla that would ban the companies from selling sensitive location data.The FTCs complaint against the companies alleges Virginia-based Gravy Analytics and its subsidiary Venntel violated the FTC Act by unfairly selling sensitive consumer location data, and by collecting and using consumers location data without consent for commercial and government uses. Gravy Analytics, the complaint says, also sold health and medical decisions, political activities, and religious views collected from location data.In the case of Georgia-based Mobilewalla, the FTC alleges the company collected more than 500 million unique consumer advertising identifiers paired with precise location data between January 2018 and June 2020. The company sold the raw data to third parties, including advertisers, data brokers, and analytics firms, the FTC says.In a statement, FTC Chair Lina Khan said, Persistent tracking by data brokers can put millions of Americans at risk, exposing the precise locations where service members are stationed or which medical treatments someone is seeking. Mobilewalla exploited vulnerabilities in digital ad markets to harvest this data at a stunning scale.In a message to InformationWeek, Mobilewalla CEO Anindya Datta pushed back on the FTCs case, but accepted the results. Mobilewalla respects consumer privacy and has been evolving our privacy protections throughout our history as a company, he says. While we disagree with many of the FTCs allegations and implications that Mobilewalla tracks and targets individuals based on sensitive categories, we are satisfied that the resolution will allow us to continue providing valuable insights to businesses in a manner that respects and protects consumer privacy.FTC had strong words for the companies' practices.Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk, Samuel Levine, director of the FTCs Bureau of Consumer Protection, said in a statement. This is the FTCs fourth action taken this year challenging the sale of sensitive location data, and its past time for the industry to get serious about protecting Americans privacy.The FTC also alleged Gravy Analytics and Venntel obtained consumer location information from other data suppliers and claimed to collect, process, and curate more than 17 billion signals from a billion mobile devices daily.The complaint also alleges Gravy Analytics used geofencing to create a virtual geographical boundary to identify and sell lists of consumers who attended certain events related to medical conditions and places of worship. The unauthorized data brokering put consumers at risk of stigma, discrimination, violence, and other harms, according to the complaint.You may not know a lot about Gravy Analytics, but Gravy Analytics may know a lot about you, reads a joint statement by FTC commissioners Alvaro M. Bedoya, Rebecca Kelly Slaughter, Melissa Holyoak, and Khan.Gravy Analytics merged with Unacast last year. The companys website says it offers location intelligence for every business. Mobilewallas website says its products make your AI smarter with high-quality, privacy compliant consumer data and predictive feature InformationWeek has reached out to Gravy Analytics and Mobilewalla for comment and will update with any response.About the AuthorShane SniderSenior Writer, InformationWeekShane Snider is a veteran journalist with more than 20 years of industry experience. He started his career as a general assignment reporter and has covered government, business, education, technology and much more. He was a reporter for the Triangle Business Journal, Raleigh News and Observer and most recently a tech reporter for CRN. He was also a top wedding photographer for many years, traveling across the country and around the world. He lives in Raleigh with his wife and two children.See more from Shane SniderNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeReportsMore Reports