Us Against the WorldDec 10, 5:39 PM EST/byFrank LandymoreLeaked Video Shows Insurance CEO Gloating About Denying Care, Calling Critics DelusionalThey see themselves as protectors against "unnecessary care."Dec 10, 5:39 PM EST/Frank LandymoreImage by Kent Nishimura via Getty / FuturismDevelopmentsUnitedHealth Group CEO Andrew Witty made some eyebrow-raising remarks following the assassination of his colleague Brian Thompson.On the day of Thompson's murder, Witty addressed employees in a company-wide video in which he justified their practice of stamping out "unnecessary" health coverage."Our role is a critical role, and we make sure that care is safe, appropriate, and is delivered when people need it," Thompson said in the internal virtual address, leaked by journalist Ken Klippenstein. "And we guard against the pressures that exist for unsafe care or for unnecessary care to be delivered in a way which makes the whole system too complex and ultimately unsustainable.""So we're going to continue to make that case, and we're going to continue to do the work we do," he added.As critics of the healthcare industry might argue, Witty's comments are emblematic of insurers' ruthless cost-saving policies that prevent patients from getting coverage for often crucial or life-saving procedures, leaving them with enormous medical bills.An analysis by ValuePenguin suggests that UnitedHealthcare a subsidiary of UnitedHealth Group,which Thompson served as CEO of denies a staggering 32 percent of claims. That's twice the industry average, and more than any other insurer. The company even reportedly used an AI algorithm to automatically deny some of these claims.On social media, Witty's "unnecessary care" remarks struck a nerve amongst those who have seen themselves or loved ones struggle with UHC's system."United wouldn't approve my mother for the medicine her doctor said she needed until she first tried this other medicine," tweeted Justin Whang, a popular YouTuber and streamer. "As a result, one day she went temporarily blind on the way home."Another user painfully recalled how her brain surgery was considered "unnecessary" because it was a "cosmetic" issue. "If I had to live with the condition any longer I [definitely] wouldn't be here today," she wrote.But according to Witty, these kinds of grievances aren't based in "reality." Seriously. Taking aim at the company's "vitriolic" critics, he launched into a rant about the negative atmosphere in the media and among the public."I encourage you to tune out that critical noise that we're hearing right now," Witty told employees. "It does not reflect reality. It is simply a sign of an era in which we live."That is an astoundingly tonedeaf thing to say in a country where medical debt is cited in over 66 percent of bankruptcies, according to a 2019 study. But is anyone surprised at this point?Share This ArticleImage by Kent Nishimura via Getty / FuturismRead This Next

"This is yet another example of Tesla using our public roadways to perform research and development of its autonomous driving technology."Crash CourseThe family of a man who died after his Tesla crashed while driving on Autopilot is suing the EV maker, as the Independent reports, accusing CEO Elon Musk of making misleading claims about the driver assistance software.In February 2023, 31-year-old Genesis Giovanni Mendoza-Martinez died after his Model S smashed into a firetruck on the side of an interstate in San Francisco.According to the complaint, Mendoza-Martinez made "no accelerator pedal or brake pedal inputs" during the 12 minutes prior to the crash, while the vehicle was on Autopilot.Mendoza-Martinez's family is arguing that the driver bought the vehicle under the mistaken belief that it could drive itself, echoing sentiments that Tesla has overstated its vehicles' ability to drive themselves.The complaint singles out pages worth of online posts penned by Musk, alleging that he was knowingly misleading the public, despite knowing that the software wasn't and still isn't able to allow Teslas to safely drive themselves.The carmaker has since shot back, arguing that it was the driver's "own negligent acts and/or omissions" that led to his death, as quoted by the Independent.However, attorney Brett Schreiber, who is representing the family, told the newspaper that Tesla was wrongfully using its customers to beta test flawed driver assistance software on public roads, with fatal results."This is yet another example of Tesla using our public roadways to perform research and development of its autonomous driving technology," he told the newspaper.Deep ImpactTesla is already the subject of several government investigations into the safety of its so-called "self-driving" software.Mendoza-Martinez's crash is already part of an active National Highway Traffic Safety Administration investigation that dates back to 2021.The regulator also found earlier this year that those making use of FSD were lulled into a false sense of security and "were not sufficiently engaged in the driving task."According to NBC, there are at least 15 other similar and active cases involving either Autopilot or the EV maker's misleadingly called "Full Self-Driving" (FSD) software an optional add-on leading up to a crash that resulted in deaths or injuries.The California Department of Motor Vehicles has also filed a lawsuit against the carmaker, accusing it of false advertising regarding FSD.Share This Article

Dec 10, 2024Ravie LakshmananVulnerability / Threat AnalysisUsers of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems.Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, VLTransfer, and Harmony software, concerns a case of unauthenticated remote code execution.The security hole is tracked as CVE-2024-50623, with Cleo noting that the flaw is the result of an unrestricted file upload that could pave the way for the execution of arbitrary code.The Illinois-based company, which has over 4,200 customers across the world, has since issued another advisory (CVE pending), warning of a separate "unauthenticated malicious hosts vulnerability that could lead to remote code execution."The development comes after Huntress said the patches released for CVE-2024-50623 do not completely mitigate the underlying software flaw. The issue impacts the below products and is expected to be patched later this week -Cleo Harmony (up to version 5.8.0.23)Cleo VLTrader (up to version 5.8.0.23)Cleo LexiCom (up to version 5.8.0.23)In the attacks detected by the cybersecurity company, the vulnerability has been found to be exploited to drop multiple files, including an XML file that's configured to run an embedded PowerShell command that's responsible for retrieving a next-stage Java Archive (JAR) file from a remote server.Specifically, the intrusions leverage the fact files placed in the "autorun" sub-directory within the installation folder and are immediately read, interpreted, and evaluated by the susceptible software.As many as at least 10 businesses have had their Cleo servers compromised, with a spike in exploitation observed on December 8, 2024, at around 7 a.m. UTC. Evidence gathered so far pins the earliest date of exploration to December 3, 2024.Victim organizations span consumer product companies, logistics and shipping organizations, and food suppliers. Users are advised to ensure that their software is up-to-date to ensure that they are protected against the threat.Ransomware groups like Cl0p (aka Lace Tempest) have previously set their sights on various managed file transfer tools in the past, and it looks like the latest attack activity is no different.According to security researcher Kevin Beaumont (aka GossiTheDog), "Termite ransomware group operators (and maybe other groups) have a zero-day exploit for Cleo LexiCom, VLTransfer, and Harmony."Cybersecurity company Rapid7 said it also has confirmed successful exploitation of the Cleo issue against customer environments. It's worth noting that Termite has claimed responsibility for the recent cyber attack on supply chain firm Blue Yonder.Broadcom's Symantec Threat Hunter Team told The Hacker News that "Termite appears to be using a modified version of Babuk ransomware, which, when executed on a machine, encrypts targeted files and adds a .termite extension.""Since we saw that Blue Yonder had an instance of Cleo's software open to the internet via Shodan, and Termite has claimed Blue Yonder amongst its victims, which was also confirmed by their listing and open directory of files, I'd say that Gossi is correct in his statement," Jamie Levy, Huntress' Director of Adversary Tactics, told the publication."For what it's worth, there have been some rumblings that Termite might be the new Cl0p, there is some data that seems to support this as Cl0p's activities have waned while Termite's activities have increased. They are also operating in some similar fashions. We're not really in the attribution game, but it wouldn't be surprising at all if we are seeing a shift in these ransomware gangs at the moment."(This is a developing story. Please check back for more updates.)Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Dec 10, 2024Ravie LakshmananMobile Security / CryptocurrencyCybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan."The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs Vishnu Pratapagiri researcher said in a new report."As part of their fraudulent hiring process, the phishing campaign tricks victims into downloading a malicious application that acts as a dropper, eventually installing the updated variant of Antidot Banker in the victim's device."The new version of the Android malware has been codenamed AppLite Banker by the mobile security company, highlighting its abilities to siphon unlock PIN (or pattern or password) and remotely take control of infected devices, a feature recently also observed in TrickMo.The attacks employ a variety of social engineering strategies, often luring targets with the prospect of a job opportunity that claims to offer a "competitive hourly rate of $25" and excellent career advancement options.In a September 2024 post identified by The Hacker News on Reddit, several users said they received emails from a Canadian company named Teximus Technologies about a job offer for a remote customer service agent.Should the victim engage with the purported recruiter, they are directed to download a malicious Android app from a phishing page as part of the recruitment process, which then acts as a first-stage responsible for facilitating the deployment of the main malware on the device.Zimperium said it discovered a network of phony domains that are used to distribute the malware-laced APK files that masquerade as employee-customer relationship management (CRM) apps.The dropper apps, besides employing ZIP file manipulation to evade analysis and bypass security defenses, instruct the victims to register for an account, after which it's engineered to display a message asking them to install an app update in order to "keep your phone protected." Furthermore, it advises them to allow the installation of Android apps from external sources."When the user clicks the 'Update' button, a fake Google Play Store icon appears, leading to the installation of the malware," Pratapagiri said. "Like its predecessor, this malicious app requests Accessibility Services permissions and abuses them to overlay the device's screen and carry out harmful activities. These activities include self-granting permissions to facilitate further malicious operations."The newest version of Antidot is packed in support for new commands that allow the operators to launch "Keyboard & Input" settings, interact with the lock screen based on the set value (i.e., PIN, pattern, or password), wake up the device, reduce screen brightness to the lowest level, launch overlays to steal Google account credentials, and even prevent it from being uninstalled.It also incorporates the ability to hide certain SMS messages, block calls from a predefined set of mobile numbers received from a remote server, launch the "Manage Default Apps" settings, and serve fake login pages for 172 banks, cryptocurrency wallets, and social media services like Facebook and Telegram.Some of the other known features of the malware include keylogging, call forwarding, SMS theft, and Virtual Network Computing (VNC) functionality to remotely interact with the compromised devices.Users proficient in languages such as English, Spanish, French, German, Italian, Portuguese, and Russian are said to be the targets of the campaign."Given the malware's advanced capabilities and extensive control over compromised devices, it is imperative to implement proactive and robust protection measures to safeguard users and devices against this and similar threats, preventing data or financial losses."The findings come as Cyfirma revealed that high-value assets in Southern Asia have become the target of an Android malware campaign that delivers the SpyNote trojan. The attacks have not been attributed to any known threat actor or group."The continued use of SpyNote is notable, as it highlights the threat actors' preference for leveraging this tool to target high-profile individuals despite being publicly available on various underground forums and telegram channels," the company said.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Lisa Morgan, Freelance WriterDecember 10, 202410 Min ReadMyrarte via Alamy StockAs businesses grow and tech stacks become more complex, scalability remains a top issue.Companies face significant challenges scaling across both physical and virtual spaces. While a holistic approach to operations across regions provides advantages, it also introduces complexity, says Dustin Johnson, CTO of advanced analytics software provider Seeq. The cloud can assist, but its not always a one-size-fits-all solution, especially regarding compute needs. Specialized resources like GPUs for AI workloads versus CPUs for standard processes are essential, and technologies like Kubernetes allow for effective clustering and scaling. However, applications must be designed to fully leverage these features, or they wont realize the benefits.The variety of technologies involved creates significant complexity.Today, a vertically integrated tech stack isnt practical, as companies rely on diverse applications, infrastructure, AI/ML tools and third-party systems, says Johnson. Integrating all these components -- ensuring compatibility, security, and scalability -- requires careful coordination across the entire tech landscape.A common mistake is treating scalability as a narrow technology issue rather than a foundational aspect of system design. Approaching it with a short-term, patchwork mentality limits long-term flexibility and can make it difficult to respond to growing demands.Related:Following are some more things that need to scale better in 2025.1. ProcessesA lot of organizations still have manual processes that prevent velocity and scale. For example, if a user needs to submit a ticket for a new server to implement a new project, someone must write the ticket, someone receives the ticket, someone must activate it, and then something must be done with it. Its an entire sequence of steps.Thats not a scalable way to run your environment so I think scaling processes by leveraging automation is a really important topic, says Hillery Hunter, CTO and GM of innovation at IBM and an IBM Fellow. There are a bunch of different answers to that [ranging] from automation to what people talk about, such as is IT ops or orchestration technologies. If you have a CIO who is trying to scale something and need to get permission separately from the chief information security officers, the chief risk officer or the chief data officer team, that serialization of approvals blocks speed and scalability.Organizations that want to achieve higher velocities should make it a joint responsibility among members of the C-suite.Related:You dont just want to automate inefficient things in your organization. You really want to transform the business process, says Hunter. When you bring together the owners of IT, information, and security at the same table, you remove that serialization of the decision process, and you remove the impulse to say no and create a collective impetus to say yes because everyone understands the transformation is mutual and a team goal.2. IT operationsIT is always under pressure to deliver faster without sacrificing quality, but the pressure to do more with less leaves IT leaders and their staff overwhelmed.Scalability needs to be done though greater efficiency and automation and use things like AIOps to oversee the environment and make sure that as you scale, you maintain your security and resiliency standards, says Hunter. I think re-envisioning the extent of automation within IT and application management is not done until those processes break. Its maybe not investing soon enough so they can scale soon enough.3. ArchitecturesIn the interest of getting to market quickly, startups might be tempted to build a new service from existing pre-made components that can be coupled together in ways that mostly fit but will demonstrate the business idea. This can lead to unintentionally complicated systems that are impossible to scale because of their sheer complexity. While this approach may work well in the beginning, getting business approval later to completely re-architect a working service that is showing signs of success may be very difficult.Related:First of all, be very careful in the architectural phase of a solution [because] complexity kills. This is not just a reliability or security argument, it is very much a scalability argument, says Jakob stergaard, CTO at cloud backup and recovery platform Keepit. A complex structure easily leads to situations where one cannot simply throw hardware at the problem this can lead to frustrations on both the business side and the engineering side.He advises: Start with a critical mindset, knowing that upfront investment in good architecture will pay for itself many times over.4. Data visibilityOrganizations are on a constant mission to monetize data. To do that they need to actively manage that data throughout the entire lifecycle at scale.While cloud computing has gained popularity over the past few decades, there is still a lot of confusion, resulting in challenges including understanding where your cloud data lives, what it contains, and how to ensure it is properly protected, says Arvind Nithrakashyap, co-founder and CTO at data security company Rubrik. When it comes to scalability one blind spot is unstructured and semi-structured data.Unstructured data poses a security risk, as it can contain sensitive business data or personally identifiable information. And since all unstructured data is shared with end-user applications using standard protocols over TCP/IP networks, its a prime target for threat actors. Since most companies have hybrid and multi-cloud implementations IT needs to understand where sensitive data is, where it is going and how it is being secured.One of the toughest hurdles for organizations whose unstructured data portfolio includesbillions of files, and/or petabytes of data, is maintaining an accurate, up-to-date count ofthose datasets and their usage patterns, says Nithrakashyap. [You need to understand] things [such as] how many files [exist], where they are, how old they are, and whether theyre still in active use. Without reliable, up-to-date visibility into the full spectrum of critical business files, your organization can easily be overwhelmed by the magnitude of your data footprint, not knowing where critical datasets are located, which datasets are still growing, [and] which datasets have aged out of use.5. SaaS service APIsAPIs are the glue that holds our modern software-driven world together. Keepits stergaard says his company sees bottlenecks on software-as-a-service APIs that vendors offer up for general use, from explicit throttling to slow responses, that are outright intermittent failures. For better and tighter integrations between systems, APIs need to scale to higher volume use.Fundamentally, an API that does not scale is pointless, says stergaard. For APIs to be useful we want them to be usable. Not a little bit, not just sometimes, but all the time and as much as we need. Otherwise, what's the point?Although it can be difficult to pinpoint a limiting factor, if user experience is any indication, it appears that some services are built on architectures that are difficult for the vendor to scale to higher volume use.This is a classical problem in computer science -- if a service is built, for example, around a central database, then adding more API front-end nodes may not do anything to improve the scalability of the APIs because the bottleneck may be in the central database, says stergaard. If the system is built with a central database being core to its functionality, then replacing that central component with something that is better distributed over many systems could require a complete re-write of the service from the ground up. In practical terms for real world services, making a service scale to higher volume use is often very different from just clicking the elastic scaling button on the cloud platform on which it runs.To scale a solution, it must be built on the simplest possible architecture, since architectural complexity is typically the main obstacle to scaling a solution. A complex architecture can make throwing hardware at a solution completely ineffective.6. Artificial intelligenceAs AI usage accelerates, cloud and cybersecurity scalability become even more critical.[M]ost companies are still in a discovery phase [with AI], and therefore what it takes to scale [in terms of] capabilities, cost, etc. is still not fully understood. It requires an approach of continuous learning and experimentation, with a strong focus on outcomes, to prioritize the right activities, saysOrla Daly, CIO at digital workforce transformation company Skillsoft.IT leaders must ensure alignment with business leaders on the desired outcomes and critical success factors. They also need to understand the skills and resources in the organization, define KPIs and fill key gaps.Teams who are not proactively managing the need for scale will find suboptimal decisions or runaway costs on one side, or [a] lack of progress because the enablers and path to scale are not defined, says Daly. Scaling technology is ultimately about enabling business outcomes, therefore continuing to tie activities to the company priorities is important. Its easy to get carried away by new and exciting capabilities, and innovation remains important, but when it comes to scaling, its more important to take a thoughtful and measured approach.7. Generative AIOrganizations are struggling with scaling GenAI cost-effectively. Most providers bill for their models based on tokens that are numerical representations of words or characters. The costs for input and output tokens differ. For example, Anthropics Claude 3.5 Sonnet charges $3.00 per million input tokens and $15 per million output tokens while OpenAIs gpt-4o model costs $2.50 per million input tokens and $10 per million output tokens. The two models are not equal and support different features, so the choice isnt as clear cut as which model is cheaper.GenAI model consumers must pick a balance between price, capability and performance. Everyone wants the highest quality tokens at the lowest possible price as quickly as possible, says Randall Hunt, CTO at leading cloud services company and AWS Premier Tier Services partner, Caylent.An additional charge exists around vectorization of data, such as converting images, text, or other information into a numerical format, called an embedding, that represents the semantic meaning of the underlying data rather than the specific content.Embedding models are typically cheaper than LLMs. [For instance,] Coheres Embed English embedding model is $0.10 per million tokens. Embeddings can be searched somewhat efficiently using techniques like [hierarchical navigable small world](HNSW) and cosine similarity, which isnt important, but it requires the use of database extensions or specialized datastores that are optimized for those kinds of searches -- further increasing cost. [A]ll of this cost is additive, and it can affect the unit economics of various AI projects.8. Operational technologydataCompanies are being flooded with data. This goes for most organizations, but its especially true for industrial companies that are constantly collecting operational technology (OT) data from equipment, sensors, machinery and more. Industrial companies are eager to integrate insights from OT and IT data to enable data-driven decision making based on a holistic view of the business.In 2025 and beyond, companies that can successfully give data context and make efficient and secure connections between diverse OT and IT data sources, will be best equipped to scale data throughout the organization for the best possible outcomes, says Heiko Claussen, chief technology officer at industrial software company AspenTech. Point-to-point data connections can be chaotic and complex, resulting in siloes and bottlenecks that could make data less effective for agile decision making, enterprise-scale digital transformation initiatives and AI applications.Without OT data fabric, an organization that has 100 data sources and 100 programs utilizing those sources would need to write and maintain 10,000 point-to-point connections. With an OT data fabric, that drops to 200 connections. In addition, many of these connections will be based on the same driver and thus much easier to maintain and secure.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Todays IT departments have an amalgamation of DevOps, Waterfall, artificial intelligence, and OS/new release software, so quality assurance must be able to test and to verify the goodness of all these variegated systems. Yet, those of us who have led IT departments know that the QA function is habitually under-appreciated.Understanding that QA must broaden its reach to test such a broad spectrum of different systems, vendors have rolled out QA tools like the automated execution of test scripts that QA designs.This has generated a steady market in QA testing software, which Global Market Insights pinpointed at $51.8 billion in 2023, with a projected CAGR (compound annual growth rate) of 7% between 2024 and 2032.What IT departments should do now is strategize how a limited QA staff can best use these tools, while also developing the knowledge base and reach allowing them to cover the broad array of new applications and systems that QA is being asked to test.Performing QA With No Single Pane of GlassIf you are in system programming or network support, you know that there are over-arching software solutions that boast single pane of glass visibility. These systems provide an overall architecture that enables you to unify visibility of all of the different tools and functions that you have on a single screen. Not all IT departments invest in these expensive software architectures, but at least they do exist.Related:That isnt the case for quality assurance.In QA, the test bench is a hodgepodge of different tools and techniques spread out on a general tool bench. When a staffer performs QA, they pick whatever tools they choose to use from this tool bench based upon the type of application they are being called upon to test.If the application area to be tested is DevOps, QA is an iterative never done function that might use some test automation for workflow execution, but that also requires a high amount of collaboration between QA, development and end users until everyone arrives at a consensus that the application is production ready.In the AI environment, testing is also iterative and never finished. You work with development and user area subject matter experts to achieve the gold standard of 95% accuracy with what subject matter experts would conclude. Then you must periodically reaffirm accuracy because business conditions constantly change, and accuracy levels could fall.If the application is waterfall, it routes through the traditional path of development, unit test, integration test, regression test, deploy.Related:If the system is a new database or operating or infrastructure system release from a vendor, the new release is first simulated in a test environment, where it is tested and debugged. The new release gets installed into production when all testing issues in the simulated environment are resolved.Each of these test scenarios requires a different mental approach to QA and a different set of tools.Make QA a Strategic Function and Elevate its Standing?Test tool provider Hatica has stated,In the past, QA engineers were primarily focused on testing -- finding bugs and ensuring that the product worked as intended before it was released to users. However, this reactive approach to quality is no longer enough in todays environment. Before long, QA engineers will shift from being testers at the end of the process to quality strategists who are involved from the very beginning.In Agile and DevOps development, there already is an emerging trend for QA that confirms this. QA is immediately engaged in Agile and DevOps work teams, and the QA team provides as much input into the end-to-end DevOps/Agile process as development and end users. As IT departments move more work to Agile and DevOps, QAs role as a frontend strategist will expand.Related:However, in waterfall and new infrastructure release deployments, QAs role is more backend and traditional. It performs end of the line checkouts and is often not engaged in the initial stages of development. AI also presents a QA challenge, because a separate data science or subject matter expert group might do most of the system development and checkout, so QAs role is minimized.The Best Approach to QAThanks to the Agile/DevOps movement, QA now sees a more forward-thinking and strategic role. Yet at the same time, applications in the AI, waterfall, and infrastructure areas engage QA as more of a backend function.QA is also knee-capped by the lack of a single architecture for its tools, and by the brutal fact that most of the staff in QA departments are new hires or junior personnel. Quickly, these individuals apply for transfers into application development, database or systems, because they see these as the only viable options for advancing their IT careers.Understanding these realities, CIOs can do three things:1. Move QA into a more strategic position in all forms of application development. Like the IT help desk, QA has a long institutional memory of the common flaws in IT applications. If QA is engaged early in application development processes, it can raise awareness of these common flaws so they can be addressed up front in design.Accept as well that most QA staff members will want to move on to become a developer or an IT technical specialist and use QA as a grooming ground. To this end, the more QA gets engaged early in application planning and development, the more IT software knowledge QA staff will gain. This can prepare them for development or systems careers, if they choose to take these routes later.2. Ensure that QA staff is properly trained on QA tools. There is no uber architecture available for the broad assortment of tools that QA uses, so personalized training is key.3. Foster collaboration. In the Agile/DevOps environment, there is active collaboration between QA, development and end users. In AI development, CIOs can foster greater QA collaboration by teaming QA with IT business analysts, who often work side by side with user subject matter experts and data scientists. In new infrastructure release testing and in waterfall testing, more active collaboration should be fostered with system and application programmers.The more collaborative bridges you build, the more effectively your QA function will perform.

In ourcontinuing look back at the best and worst of 2024, lets pause and spend some time ona fewof the movies thatthe instant classics or the absolute disasters. Theyre the good movies thatflew below the radar with audiences, critics, or both.That doesnt mean these were box-office bombs, or that they got bad reviews. Think more the movies that did okay, financially and creatively, but that in ten years time are the films people get excited aboutwhenthey show up on Netflix; the films that evolve into those basic cable favorites you watch over and over again. Thats the sort of film were talking about today.Actually, there is a Netflix original onmy list, plus several more titles exclusive to other streaming services. This is going to be a major issue in the years ahead: Movies that are mostly unseen and forgotten not because they are bad, but because they were released on smaller streaming services that most people do not have. Because films are now siloed off in these little streamingcul de sacs, and becausea lot of these films never show up intheaters oron Blu-ray, its easier than ever for worthy pictures to fall through the cracks.Thats why lists like this are useful. So lets take a look at a dozen underrated 2024 films that deserve a second look (or a wider audience).The Most Underrated Movies of 2024Lets give some love to the 2024 films that deserved more attention.READ MORE: The Worst Movies of 2024 (According to Letterboxd)Get our free mobile appThe Most Underrated Movies of 2024Lets give some love to the 2024 films that deserved more attention.

The title of the new Bob Dylanbiopic,A Complete Unknown,is not just a reference to a famous line fromDylans Like a Rolling Stone. It is the entire thesis of James Mangoldsfilm in three words.In A Complete Unknown, Mangolds Dylan arrives in New York City in early 1961 with the clothes on his back, an acoustic guitar, and a name that hechose for himself. He shuffles anonymously through Greenwich Villages clubs and coffee shops. No one gives this scruffy kid a second look. Not until they hear him play.Pretty soon, Dylan becomes aVillage favorite. Within a few years, hes an international star, and so big and influential than when he dares to buck the trend toward socially relevant folk music that he helped bring into the mainstream, hes labeled a Judas by his own fans. Butthe motivations behind that decision and many othershe makes throughoutA Complete Unknownare left opaque. As a musician, Dylanis clearly a genius. As a man, he remains a complete unknown.A biography thatreinforces itssubjects mysteries rather than illuminates them is a valid choice for a Dylan film, and one Dylan himself would probably appreciate if he ever gets around to watching A Complete Unknown. But I am not sure it is an entirelyrewarding one to the paying customer who goes to see this.Yes,this movieis well-made. But what, ultimately, does it add to our understanding of Dylan, or to great artists in general? What do we take away from this story, except thatDylan followed his muse, wrote incredible music, and left the rest to others to sort out for themselves? These are questions I am still wrestling with even as Im writing this review.SearchlightSearchlightloading...READ MORE: This Is Our Least Favorite Biopic ClicheI know this much:Timothe Chalamet is genuinely impressive playing (and singing!) the young Bob Dylan. A Complete Unknownis not a biopic like Bradley CoopersMaestro, which barely concerned itself with the musical legacy ofLeonard Bernstein, and focused instead on his complicated marriage and private life.A Complete Unknownoverflowswith Dylan music, from Song For Woody, strummed by Chalamets Dylan in a hospital roomfor Woody Guthrie (Scoot McNairy), to Like a Rolling Stone, blasted by Dylan and his backing band at the stunned throngs gathered at1965s Newport Film Festival.All ofthe music is performedby Chalamet, doing a very credible Dylan croon and doing an even more impressive job of inhabiting Dylan away from the microphone. His tics, his stammers, his evasive glances, his endless obfuscations. Beyond his wild mop of brown hair, Chalamet doesnt really look much like Dylan. AndDylan isvastly different from ascendant emperor Paul Atreides inDune, or from the aspiring chocolatier inWonka.For a guy who looksbasically the same in every single role he takes on, Chalamet sure hasdeveloped an impressivechameleonic quality.A Complete UnknownSearchlightloading...Mangold surrounds Chalamet with a terrific ensemble. Edward Norton plays an awed, frustrated Pete Seeger who recognizes the potential in Dylan, and perhaps envies it as well, and tries to guidethe young folkies career in the ways he would have wanted if he were just coming into his own as an artist in the early 60s. Elle Fanning plays Sylvie, a fictionalized version of Dylans girlfriend in this period, perhaps the last person outside the world of show business who would ever be close to him. And Monica Barbaro plays Joan Baez, who forged a fiery connection with Dylan both on and off-screen.A Complete Unknowns screenplay, written by Mangold with frequent Martin Scorsese collaborator Jay Cocks and based on a book by journalist Elijah Wald calledDylan Goes Electric!, charts Dylans rise to fame and then his growing interest in rock and roll and pop, much to the consternation of old-schoolfolk singers like Seeger and his colleagues at the Newport Folk Festival. Whether you will get invested in the battle over Dylans musical soul may depend on how much you know or care about the man himself, and how much you know about how these events played out in real life.Beyond them, there isnt an enormous amount of dramatic tension or suspense in the film.A Complete Unknown is not a traditional take on The Bob Dylan Story. Its more a loving evocation of 1960s New York City, with its smoky bars and chilly dives, and of the wider social and political upheaval that birthed this remarkable talent who then decided he wasmore interested in things beyond protest songs and campaigning for civil rights. For Dylan, the times were always achanging.SearchlightSearchlightloading...So does that justify a movie that adds so little to our understanding of Dylan? A Complete Unknown is beautiful, its got a wonderful texture of authenticity, and its got one remarkable song after another. (The soundtrack will be incredible ... provided you want to hearTimothe Chalamet sing Girl From the North Country.) And when the movie was over, I walked out of the theater and thought to myself ... Okay, but, so what?I believe Mangolddirectedthe Dylan movie he wanted to, and in some ways A Complete Unknownis interesting precisely because it is a willfully withholding portrait of an enigmatic star. Then again, it's hard to make a completely satisfying movie abouta subject that its director seems to believe cannot be understood.Additional Thoughts:-The other key player in this biopic is Johnny Cash, a colleague and admirer of Dylans and theprotagonist of a previous James Mangold movie biopic,Walk the Line, which starred Joaquin Phoenix as Cash. This time, Boyd Holbrook assumes the role, and mostly plays thecountry singer as a lovable rogue rather than a tortured gunslinger. Its fun to see Mangold present another side of Cash, evenifonly for a couple of scenes.RATING: 7/10The Coolest Opening Title Sequences of All TimeWhere have all the opening credits gone?(Note: Click the link in each entry to watch these opening titles on YouTube.)

Time zones: EST (UTC -5), MST (UTC -7), ART (UTC -3), UTC -4, UTC -4:30, UTC -3, UTC -2Are you a go-getter with a passion for sales and a knack for connecting with brands? Do you thrive in a fully remote environment and love the idea of working with companies that support a vibrant remote work community? If so, we want you on our team!We Work Remotely is the largest remote work job board in the world, and were on the hunt for a Sales Representative to join our team. Your mission will be to drive direct ad sales and collaborate with brands that align with our community of remote professionals.About Us:We Work Remotely is more than just a job board. Were a community of remote professionals, helping companies find top-tier talent and empowering individuals to build their remote dream careers. Were dedicated to connecting brands with the audiences that matter most.What Were Looking For:Sales Experience: Proven track record in ad sales, business development, or a similar role.Remote Enthusiasm: You understand and are excited about the remote work movement.Communication Skills: Exceptional verbal and written communication skills to build lasting client relationships.Organized and Driven: Self-starter with strong organizational skills who thrives in a results-oriented environment.Creative Thinker: Ability to craft compelling pitches and creative ad solutions for clients.What Youll Do:Build Relationships: Identify and connect with brands that resonate with our remote work audience.Sell with Impact: Drive direct ad sales on our platform, offering customized advertising packages to meet client needs.Collaborate with Passion: Work with our team to develop creative ad campaigns that deliver results for our partners.Stay Ahead: Keep up with industry trends to ensure our platform remains a go-to destination for relevant and meaningful ads.What We Offer:Flexible Work Environment: Work from anywhere in the world.Supportive Team Culture: Join a passionate and dedicated remote-first team.Competitive Compensation: Base salary plus commission.Growth Opportunities: Shape the future of advertising on our platform and grow your career with us.How to Apply:Ready to make your mark? Send your resume and a brief cover letter telling us why youre excited about this role. We cant wait to meet you!Join us in shaping the future of remote work, one ad at a time.

Jeenie is seeking skilled voice talents to collaborate on an exciting AI voice project. This role involves recording a variety of medical scenario scripts in your natural voice to help our client develop a high-quality AI model.Responsibilities:Record provided scripts in a quiet environment both with your assigned partner and monologues.Deliver high-quality audio files in accordance with project specifications.Provide written consent for the ethical use of your voice for cloning purposes.Artistic DirectionMale and Female, any age range.Native speaker born in the country where language originated from (example, French from France, Dutch from the Netherlands, etc.)We are looking for pairs or actors (one to perform a doctor role, and the other a patient role) for the following languages:French from France [fr-FR] (8 actors)Dutch from Netherlands [nl-NL] (8 actors)American English [en-US] (8 actors)Talent must be 18 years of age or olderAudio Requirements and Length:1.25 to 1.55 hours of audio recording required with scripts and zoom logins provided.The client is looking to have this project completed in the next 2-3 weeks.One pair of actors will record the first week, the next pair will record the following and so on.Qualifications:Clear, consistent, and professional speaking voice.Previous experience in voice acting, narration, or broadcasting is a plus but not required.Access to high-quality recording equipment (microphone, soundproofing preferred).Ability to deliver recordings on time.Additional Information:Additional compensation if your voice is chosen to be cloned. This will be determined at a later date, but Talent are encouraged to submit within their proposal the annual cost per year for their voice to be cloned.Ethical Use: Your voice data will only be used for agreed-upon purposesData Usage: Your voice WILL NOT be cloned from these recordings, additional license terms to be negotiated if you are chosen as a clone. This data is for internal training purposes only.Artists need to disclose if they are already the voice of a large tech company.Potential for long-term contribution possible after initial assignment.Project Deadline:Two weeks after hire date