DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years
thehackernews.com · Dec 13, 2024 · The Hacker News · Cybercrime / Cryptocurrency

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations.

"The conspirators, who worked for DPRK-controlled companies Yanbian Silverstar and Volasys Silverstar, located in the People's Republic of China (PRC) and the Russian Federation (Russia), respectively, conspired to use false, stolen, and borrowed identities of U.S. and other persons to conceal their North Korean identities and foreign locations and obtain employment as remote information technology (IT) workers," the DoJ said.

The IT worker scheme generated at least $88 million for the North Korean regime over a span of six years, it's been alleged. In addition, the remote workers engaged in information theft, such as proprietary source code, and threatened to leak the data unless a ransom was paid. The illicit proceeds obtained in this manner were then routed through U.S. and Chinese financial systems back to Pyongyang.

The DoJ said it's aware of one employer that sustained hundreds of thousands of dollars in damages after it refused to yield to the extortion demand of a North Korean IT worker, who then ended up leaking the confidential information online.

The identified individuals are Jong Song Hwa, Ri Kyong Sik, Kim Ryu Song, Rim Un Chol, Kim Mu Rim, Cho Chung Pom, Hyon Chol Song, Son Un Chol, Sok Kwang Hyok, Choe Jong Yong, Ko Chung Sok, Kim Ye Won, Jong Kyong Chol, and Jang Chol Myong.

The 14 conspirators are said to have worked in various capacities ranging from senior company leaders to IT workers. The two sanctioned companies have employed at least 130 North Korean IT workers, referred to as IT Warriors, who participated in "socialism competitions" organized by the firms to generate money for DPRK. The top performers were awarded bonuses and other prizes.

The development is the latest in a series of actions the U.S. government has taken in recent years to address the fraudulent IT worker scheme, a campaign tracked by the cybersecurity community under the moniker Wagemole.

The DoJ said it has since seized 29 phony website domains (17 in October 2023 and 12 in May 2024) used by DPRK IT workers to mimic Western IT services firms to support the bona fides of their attempts to land remote work contracts for U.S. and other businesses worldwide. The agency said it has also cumulatively seized $2.26 million (including $1.5 million seized in October 2023) from bank accounts tied to the scheme. Separately, the Department of State has announced a reward offer of up to $5 million for information on the front companies, the individuals identified, and their illicit activities.

"DPRK IT worker schemes involve the use of pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers, virtual private networks, virtual private servers, and unwitting third-parties located in the United States and elsewhere," the DoJ said. "The conspirators used many techniques to conceal their North Korean identities from employers."

One such method is the use of laptop farms in the U.S.: people residing in the country are paid to receive and set up company-issued laptops and to allow the IT workers to connect remotely through software installed on them. The idea is to give the impression that they are accessing work from within the U.S. when, in reality, they are located in China or Russia.

All 14 conspirators have been charged with conspiracy to violate the International Emergency Economic Powers Act, conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. Eight of them have been charged with aggravated identity theft. If convicted, each of them faces a maximum penalty of 27 years in prison.

Radiant Capital Crypto Heist Linked to Citrine Sleet

The IT worker scam is just one of the many methods that North Korea has embraced to generate illicit revenue and support its strategic objectives, the others being cryptocurrency theft and targeting of banking and blockchain companies.

Earlier this month, decentralized finance (DeFi) platform Radiant Capital attributed the $50 million cryptocurrency heist that followed a breach of its systems in October 2024 to a North Korea-linked threat actor dubbed Citrine Sleet.

The adversary, also called Gleaming Pisces, Labyrinth Chollima, Nickel Academy, and UNC4736, is a sub-cluster within the Lazarus Group. It's also known for orchestrating a persistent social engineering campaign dubbed Operation Dream Job that aims to entice developers with lucrative job opportunities to dupe them into downloading malware.

It's worth noting that these efforts also take different forms depending on the activity cluster behind them, which can vary from coding tests (Contagious Interview) to collaborating on a GitHub project (Jade Sleet).

The attack targeting Radiant Capital was no different: a developer of the company was approached on Telegram in September by the threat actor, who posed as a trusted former contractor, ostensibly soliciting feedback about their work as part of a new career opportunity related to smart contract auditing.

The message included a link to a ZIP archive containing a PDF file that, in turn, delivered a macOS backdoor codenamed INLETDRIFT that, besides displaying a decoy document to the victim, also established stealthy communications with a remote server ("atokyonews[.]com").

"The attackers were able to compromise multiple developer devices," Radiant Capital said. "The front-end interfaces displayed benign transaction data while malicious transactions were signed in the background. Traditional checks and simulations showed no obvious discrepancies, making the threat virtually invisible during normal review stages."
Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms
thehackernews.com · Dec 13, 2024 · The Hacker News · IoT Security / Operational Technology

Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States.

The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), firewalls, and other Linux-based IoT/OT platforms.

"While the malware is believed to be custom-built by the threat actor, it seems that the malware is generic enough that it is able to run on a variety of platforms from different vendors due to its modular configuration," the company said.

The development makes IOCONTROL the tenth malware family to specifically single out Industrial Control Systems (ICS) after Stuxnet, Havex, Industroyer (aka CrashOverride), Triton (aka Trisis), BlackEnergy2, Industroyer2, PIPEDREAM (aka INCONTROLLER), COSMICENERGY, and FrostyGoop (aka BUSTLEBERM) to date.

Claroty said it analyzed a malware sample extracted from a Gasboy fuel management system that was previously compromised by the hacking group called Cyber Av3ngers, which has been linked to cyber attacks exploiting Unitronics PLCs to breach water systems. The malware was embedded within Gasboy's Payment Terminal, otherwise called OrPT.

This means that the threat actors, given their ability to control the payment terminal, also had the means to shut down fuel services and potentially steal credit card information from customers.

"The malware is essentially a cyberweapon used by a nation-state to attack civilian critical infrastructure; at least one of the victims were the Orpak and Gasboy fuel management systems," Claroty said.

The end goal of the infection chain is to deploy a backdoor that's automatically executed every time the device restarts. A notable aspect of IOCONTROL is its use of MQTT, a messaging protocol widely used in IoT devices, for communications, thereby allowing the threat actors to disguise malicious traffic.

What's more, command-and-control (C2) domains are resolved using Cloudflare's DNS-over-HTTPS (DoH) service. This approach, already adopted by Chinese and Russian nation-state groups, is significant, as it lets the malware avoid the detection that DNS requests sent in cleartext would be exposed to.

Once a successful C2 connection is established, the malware transmits information about the device, namely hostname, current user, device name and model, timezone, firmware version, and location, to the server, after which it awaits further commands for execution.

These include commands to check that the malware is installed in the designated directory, execute arbitrary operating system commands, terminate the malware, and scan an IP range on a specific port.

"The malware communicates with a C2 over a secure MQTT channel and supports basic commands including arbitrary code execution, self-delete, port scan, and more," Claroty said. "This functionality is enough to control remote IoT devices and perform lateral movement if needed."
What Do We Know About the New Ransomware Gang Termite?
www.informationweek.com

Termite is quickly making a name for itself in the ransomware space. The threat actor group claimed responsibility for a November cyberattack on Blue Yonder, a supply chain management solutions company, according to CyberScoop. Shortly afterward, the group was linked with zero-day attacks on several Cleo file transfer products.

How much damage is this group doing, and what do we know about Termite's tactics and motives?

New Gang, Old Ransomware

Termite is rapidly burrowing into the ransomware scene. While its name is new, the group is using a modified version of an older ransomware strain: Babuk. This strain of ransomware has been on law enforcement's radar for quite some time. In 2023, the US Department of Justice indicted a Russian national for using various ransomware variants, including Babuk, to target victims in multiple sectors.

Babuk first arrived on the scene in December 2020, and it was used in more than 65 attacks. Actors using this strain demanded more than $49 million in ransoms, netting up to $13 million in payments, according to the US Justice Department.

While Babuk has reemerged, different actors could very well be behind its use in Termite's recent exploits.

"Babuk ransomware was leaked back in 2021. The builder is basically just the source code so that anyone can compile the encrypting tool and then run their own ransomware campaign," says Aaron Walton, threat intelligence analyst at Expel, a managed detection and response provider.

How is Termite putting the ransomware to work?

"Researchers have found that the group's ransomware uses a double extortion method, which is very common these days," Mark Manglicmot, senior vice president of security services at cybersecurity company Arctic Wolf, tells InformationWeek. "They extort the victim for a decryptor to prevent the release of stolen data publicly."

A new ransomware group is not automatically noteworthy, but Termite's aggression and large-scale attacks early on in its formation make it a group to watch.

"Usually, these groups start with smaller instances and then they kind of build up to something bigger, but this new group didn't waste any time," says Manglicmot.

Termite's Victims

Termite appears to be a financially motivated threat actor. "They're attacking victims in different countries across different verticals," says Jon Miller, CEO and cofounder of anti-ransomware platform Halcyon. "The fact that they're executing without a theme makes me feel like they're opportunist-style hackers."

Termite has hit 10 victims thus far, in sectors including automotive manufacturing, oil and gas, and government, according to Infosecurity Magazine.

The group does have victims listed on its leak site, but it is possible there are more. "Maybe we could guess that there might be another handful that have paid ransom or have negotiated to stay off of [the] data leak site," says Walton.

Given the group's aggression and opportunistic approach, it could conceivably execute disruptive attacks on other large companies.

"Termite seems to be bold enough to impact a large number of organizations," says Walton. "That is normally a risky tactic that really brings the heat on you much faster than just hitting one organization and avoiding anything that could severely damage supply lines."

The attack on Blue Yonder caused significant disruption to many organizations. Termite claims it has 16,000 e-mail lists and more than 200,000 insurance documents among a total of 680GB of stolen data, according to Infosecurity Magazine.

The ransomware attack caused outages for Blue Yonder customers, including Starbucks and UK supermarket companies Morrisons and Sainsbury's, according to Bleeping Computer.

Termite's exploitation of a vulnerability in several Cleo products is impacting victims in multiple sectors, including consumer products, food, shipping, and trucking, according to Huntress Labs.

Ongoing Ransomware Risks

Whether Termite is here to stay or not, ransomware continues to be a risk to enterprises. "With certain areas of the globe being destabilized, we could see even more of these types of behaviors pop up," says Manglicmot.

As enterprise leaders assess the risk their organizations face, Miller advocates for learning about the common tactics that ransomware groups use to target victims.

"It's really important for people to go out and educate themselves on what ransomware groups are targeting their vertical or like-sized companies," he says. "The majority of these groups use the exact same tactics over and over again in all their different victims."
What Developers Should Know About Embedded AI
www.informationweek.com

Where would the world be without APIs? It would likely be a lot less connected, with software releases flowing like molasses. Developers use APIs to add capabilities to their apps quickly, though the grab-and-go approach is unwise when it comes to AI.

"While many developers are proficient in embedding AI into applications, the challenge lies in fully understanding the nuances of AI development, which is vastly different from traditional software development," says Chris Brown, president of professional services company Intelygenz. "AI is not just another technical component. It's a transformative tool for solving complex business challenges."

Jason Wingate, CEO of Emerald Ocean, a technology and business solutions company focused on product innovation, brand development and strategic distribution, also believes that while APIs make embedding AI seem as simple as calling a function, many developers do not understand how models work and their risks.

"Several major companies in 2023 and early 2024 had their chatbots compromised through prompt injection. Users sent prompts like 'Ignore previous instructions' or 'Forget you are a customer service bot,' causing the AI to reveal sensitive information," says Wingate. "This happened because developers didn't implement proper guardrails against prompt injection attacks. While much of this has been addressed, it showcases how unprepared developers were in using AI via APIs."

Timothy E. Bates, professor of practice, University of Michigan and former Lenovo CTO, also warns that most developers don't fully grasp the complexities of AI when they embed it using APIs.

"They treat it as a plug-and-play tool without understanding the intricacies of the underlying models, such as data bias, ethical implications and dynamic updates by AI providers. I've seen this firsthand, especially when advising organizations where developers inadvertently introduced vulnerabilities or misaligned features by misusing AI," says Bates.

An organization can miss opportunities due to a lack of knowledge, which results in poor ROI.

"AI should be tested in sandbox environments before production. [You also need] governance. Establish oversight mechanisms to monitor AI behavior and outcomes," says Bates. "AI usage should be [transparent] to end users, maintaining trust and avoiding backlash. Combining developers, data scientists and business leaders into cross-functional teams ensures AI aligns with strategic goals."

Ben Clayton, CEO of forensic audio and video analysis company Media Medic, has also seen evidence of developer struggles firsthand.

"Developers need a solid grasp of the basics of AI -- things like data, algorithms, machine learning models, and how they all tie together. If you don't understand the underlying principles, you could end up using AI tools in ways that might not be optimal for the problem you're solving," says Clayton. "For example, if you're relying on a model without understanding how it was trained, you might be surprised when it doesn't perform as expected in real-world scenarios."

Technology Is Only Part of the Picture

A common challenge is viewing AI as a technological solution rather than a strategic enabler.

"Organizations often falter by embedding AI into their operations without clearly defining the business problem it is solving. This can result in misaligned goals, poor adoption rates and systems that fail to deliver ROI," says Intelygenz's Brown. "AI implementation must start with a clear business case or IT improvement objective whether it's streamlining operations, optimizing network performance, or enhancing customer experience. Without this foundation, AI becomes a costly experiment instead of a transformative solution."

Gabriel Zessin, software architect at API solution provider Sensedia, agrees.

"In my opinion, although most developers are proficient in API integrations, not all of them understand AI well enough to use it effectively, especially when it comes to embedding AI to their existing applications. It's important for developers to set the expectations of what can be achieved with AI for each company's use case alongside the business teams, like product owners and other stakeholders," says Zessin.

Data

AI feeds on data. If the data quality is bad, AI becomes unreliable.

"[S]ourcing the correct data is often challenging," says Josep Prat, engineering director of streaming services at AI and data platform company Aiven. "External influences such as data sovereignty and privacy controls affect data harvesting, and many databases are not optimized properly. Understanding how to harvest and optimize data is key to creating effective AI. Additionally, developers need to understand how AI models produce their outputs to use them effectively."

Probabilistic Versus Deterministic

Traditionally, software developers have been taught that a given input should result in a certain output. However, AI tends to be probabilistic, which is based on the likelihood something will happen. Deterministic, on the other hand, assures an outcome based on previous results.

"Instead of a guaranteed answer, [probabilistic] offers confidence levels at about 95%. And keep in mind, what works in one scenario may not work in another. These fundamentals are key to setting realistic expectations and developing AI effectively," says Sri (Srikanth) Hosakote, chief development officer and co-founder at campus network-as-a-service (NaaS) Nile. "I find that many organizations successfully adopt AI by working directly with customers to identify pain points and then developing solutions that address those issues."

Have a Feedback Loop and Test

APIs simplify AI integration, but without understanding the role of feedback loops, developers risk deploying models without mechanisms to catch errors or learn from them. A feedback loop ensures that when the AI output is wrong or inconsistent, it's flagged, documented, and shared across teams.

"[A feedback loop] prevents repeated use of flawed models, aligns AI performance with user needs and creates a virtuous cycle of improvement," says Robin Patra, head of data at design-build construction company ARCO Design/Build. "Without such systems, errors may persist unchecked, undermining trust and user experience."

It's also wise to involve stakeholders who can provide feedback about the AI outputs, such as whether the prediction is accurate, the recommendation relevant or a fair decision.

"Feedback isn't just about a single mistake. It's about identifying patterns of failure and sharing those insights with all relevant teams. This minimizes repeat errors and informs retraining efforts," says Patra. "Developers should understand techniques like active learning where the model is retrained using flagged errors or edge cases, improving its accuracy and resilience over time."

It's also important to test early and often.

"Good testing is critical to successfully embedding AI. AI should be thoroughly tested and validated before being deployed and once it is live regular monitoring and checks should continue. It should never just be a case of setting an AI model up and then leaving it to run," says John Jackson, founder at click fraud protection platform Hitprobe.

Developers should understand and use performance metrics.

"Developers often deploy AI without fully understanding how to evaluate it. Metrics like accuracy, precision, recall and F1 score are crucial for interpreting how well an AI model performs specific tasks," says Anbang Xu, founder at AI ad generator JoggAI. "[W]e've seen companies struggle to optimize video ad placements because they don't understand how models weigh audience demographics versus engagement data."

Another challenge is misunderstanding the capabilities of what the API is calling.

"Misaligned expectations around AI often stem from a lack of understanding of what models can realistically achieve," says Xu. "This misalignment leads to wasted time and suboptimal results."

Security should always be top of mind.

"I think a lot of developers and business leaders making decisions to implement AI in their applications simply don't realize that AI isn't always that secure. Lots of AI tools don't make it very clear how data is used," says Edward Tian, CEO of AI-generated content detector GPTZero. "They aren't always upfront about where they source their data or how they deal with the data that is inputted. So, if an organization inputs customer data into an embedded AI tool in their application, whether they are the ones doing that or their customers are, they could potentially run into legal troubles if that data is not handled appropriately."

Developers should spend time exploring the security defenses of the AI they choose.

"They need to understand what threats were contemplated, what security mechanisms are in place, what model was used to train the AI, and what capabilities the AI has through integrations and other connections," says Jeff Williams, co-founder and CTO at Contrast Security. "Developers might start with the OWASP Top Ten for LLM Applications, which is specifically designed to educate developers about the risks of incorporating AI into their applications."

For example, prompt injection enables an attacker to rewrite rules. It's difficult to prevent, so developers should be careful about using any user input from an untrusted source in a prompt. Sensitive information disclosure and over-trusting AI are also common challenges.

"AIs aren't very good at partitioning data or keeping track of which data belongs to which user. So, attackers can try to trick the AI into revealing sensitive data like private information, internal implementation details, or other intellectual property," says Williams. "[D]evelopers may give the results from the AI more trust than is warranted. This is very easy to do because AIs are very good at sounding authoritative, even when they are just making things up. There are many more serious issues for developers to take into account when using an AI in their apps."

How to Develop AI Smarts

There are endless resources available to developers who want to learn more about AI. They include online courses and tutorials, which include practical exercises for hands-on experience.

"Carve out time weekly to explore areas like natural language processing, computer vision and recommendation systems. Online tutorials and communities are great resources for staying up to date," says Nile's Hosakote. "At the same time, experiment[ing] with AI tools for productivity code analysis or test automation can level up your work."

Developers can also improve their working knowledge of AI by participating in hackathons or internal-focused AI projects, pair programming with data scientists, and staying up to date through online courses, conferences, and industry meetups.

"AI isn't a magic wand, so define specific problems it should solve before integration. [Also], respect data ethics: Be cautious about where training data originates to avoid unintended consequences," says University of Michigan's Bates. "The success of AI depends on the teams behind it. Training developers on AI fundamentals will pay dividends."

Some of the fundamentals include bias and fairness, explainability, lifecycle management, and security in AI integration.

"Developers need to understand how biases in training data affect outputs, as seen in systems that inadvertently reinforce societal inequities. AI must not remain a black box. Developers should know how to articulate AI decision-making processes to stakeholders," says Bates. "Continuous monitoring and retraining are essential as business contexts evolve."

Developers can learn about AI tools through small experiments, like building simple chatbots to understand how changes in prompts affect responses, before taking on bigger projects.

"[Developers] need to grasp model behavior, limitations, data privacy, bias issues and proper prompt engineering," says Emerald Ocean's Wingate. "Start small and build up gradually. For example, when introducing AI for customer service, companies often begin by having AI suggest responses that human agents review, rather than letting AI respond directly to customers. Only after proving this works [should] they expand AI's role."
NPPF: Government drops 50% affordable housing requirement for grey belt sites
www.bdonline.co.uk

The government has rowed back on proposals to require all residential projects on grey belt sites to deliver 50% affordable housing as it published the final version of its long-awaited revisions to national planning policy.

In a significant victory for the development sector, the government said that it would instead require speculative applications approved on the newly defined grey belt sites on former green belt land to deliver 15% more affordable homes than in the local housing policy up to a cap of 50%.

Housing secretary Angela Rayner has promised to deliver the biggest boost in social and affordable housebuilding in a generation.

The change in tack came as the government set out its finalised plans to speed up the planning system in an effort to reach its target of building 1.5 million homes during the course of this parliament.

The publication of the formal response to its National Planning Policy Framework consultation at noon today also revealed the extent of the opposition to most of its pro-housing measures, with ministers pushing ahead despite the majority of respondents opposing much of the reform package.

The change to the previously proposed golden rules will apply to applications seeking to build on so-called grey belt land, sites in the green belt which do little to contribute to the green belt's core purposes, which relate to keeping the countryside open.

The government had said that all sites would have to deliver at least 50% affordable homes or be subject to a viability test on the basis of a stringent benchmark land value which housebuilders had argued would make many, if not most, green belt sites unviable.

The Home Builders Federation (HBF) and the Land, Planning and Development Federation (LPDF) had both lobbied to replace the 50% flat rate for affordable housing on grey belt sites, promised by Labour as a condition for releasing green belt land prior to the election, with a 10% affordable housing premium on local policies.

The government's change instead requires developers to deliver a 15% premium above local policies. It also states that, at the point at which local authorities have new plans in place, the government will let those authorities set the affordability requirement on grey belt sites themselves.

The changes to the National Planning Policy Framework (NPPF), published in draft form in July, confirmed increases in housing targets, which will once again be mandatory, with local councils now expected to demonstrate how they will meet a combined annual target of 370,000 homes. The previous housing targets, which were advisory, had a combined total of just 305,000.

Under the finalised NPPF, areas with the highest unaffordability and greatest potential for growth will see targets increase, according to the government, while stronger action is planned to ensure councils adopt new plans.

The target has increased by 7,300 in London, compared to the summer, and has also risen slightly in the South-east and East of England regions.

The target has fallen in all other areas compared to the consulted version, with the biggest drop in Yorkshire and the Humber.

The NPPF will also require councils to review green belt boundaries to meet their targets, by identifying lower quality land, on which development will be subject to a set of requirements related to infrastructure and affordable housing provision.

In a statement this morning, housing secretary Angela Rayner said: "Today's landmark overhaul will sweep away last year's damaging changes and shake up a broken planning system which caves into the blockers and obstructs the builders. I will not hesitate to do what it takes to build 1.5 million new homes over five years and deliver the biggest boost in social and affordable housebuilding in a generation."

The final version of the NPPF came after a consultation which saw more than 10,000 responses.

The draft NPPF was widely supported across the industry, though there were nevertheless calls for greater support for small and medium-sized businesses, as well as clearer and more precise language to ensure the NPPF is easily interpreted in planning decisions.

However, a number of local authorities have come out against Labour's attempt to increase targets for their areas, suggesting they are being set up to fail.

Addressing the House of Commons in a ministerial statement today, housing minister Matthew Pennycook said: "The views shared with us have been invaluable in helping refine our initial proposals so that we are able to introduce an effective package of reforms today."

Changes to the NPPF

Pennycook told parliament there were four areas of significant change to their initial proposals:

Housing targets

Pennycook told MPs: "We fully intend to maintain the level of ambition outlined in July, but we heard through the consultation a clear view that we should do more to target housing growth on those places where affordability pressures are most acute. We have therefore made the method more responsive to demand, redistributing housing targets towards those places where housing is least affordable, while maintaining the overall target envelope."

Grey belt definition

"This approach received broad support through the consultation, but a strong desire was expressed to limit the room for subjectivity. We have therefore set out a clearer description of how to assess where the land meets the definition of grey belt and we will be providing further guidance to local authorities in the new year."

Housing minister Matthew Pennycook said the final plans showed the government had listened to the consultation.

The proposals had come in for criticism from witnesses at the House of Lords built environment committee's short inquiry into the matter.

It had been suggested that the definition of grey belt lacked clarity and would lead to confusion among planners and a surge in legal challenges.

Golden rules

Golden rules proposed a flat 50% affordable housing target with limited use of viability assessments to adjust this.

Pennycook said: "Through the consultation, we have recognised that this approach risked uncertainty. Rather than a single 50% target, we are introducing a 15 percentage point premium on top of targets set in local plans up to a maximum of 50%. And because that means the target itself will be responsive to local circumstances, we will be restricting the ability for site-specific viability assessments until such time as we have amended viability guidance in the spring of next year."

Presumption in favour and transition

Pennycook also announced changes to ensure that, where the presumption in favour of sustainable development applies, it will be consistent with the clear requirements in national policy relating to sustainability, density design and the provision of affordable homes.

He said the government was also softening transitional arrangements for local authorities at an advanced stage of planmaking.

Local authorities will be given two more months to progress their plans. The transitional arrangement will apply where the draft housing requirement in the plan meets at least 80% of local housing need, rather than the numerical 200 homes threshold originally proposed.
-
Best Walmart Deals: There's Still Time to Save on Tech, Home Essentials and More
www.cnet.com

Carote 14-piece knife set: $50 (save $150)
Apple iPad (10th gen): $279 (save $70)
Travelhouse hardshell carry-on: $50 (save $100)
Apple Watch Series 10: $349 (save $50)

The holidays are here, and if you still haven't tackled your holiday shopping list, you still have time to score lovely gifts. If you haven't considered shopping there, Walmart has some of the best deals around. They're known for doing rollbacks on items across multiple categories, including tech, essentials and home goods. This holiday season they've amped up their discounts, which means it's easier to cross everyone off your list without breaking the bank. We've rounded up some of the best deals we could find so you can click and save.

The sheer volume of deals can be overwhelming, and it's not always easy to determine which deals are worth your time (and money). But the CNET Deals team knows how to sniff out a good deal, and we're constantly assessing the best offers from across the web -- including at Walmart. To make things easier, we're regularly rounding up the best Walmart deals below so you'll always see the most noteworthy price drops and promotions. Read on for our pick of the best available right now.

Additionally, if you're looking for gift ideas, be sure to also check out CNET's gift guides for solid bargains and gifts for every occasion.

Best Walmart deals to shop today

No kitchen is complete without a good set of knives. This 14-piece Carote knife set is a beautiful option. The knives are made from stainless steel, ensuring long-lasting performance. It includes an 8-inch chef knife, 8-inch bread knife, a 7-inch santoku knife along with 6 steak knives and more. There's also a wooden knife block that keeps everything securely stored and easily accessible. $50 at Walmart.

Apple's iPad (10th generation) is one of the best tablets you can buy, and Walmart is offering $70 off right now. This is Apple's entry-level tablet, so it's affordable, but it also has many of the latest features. Our editors believe the "larger display, USB-C port, better-positioned front-facing camera and faster processor make it a great choice for most." $279 at Walmart.

If you're traveling this holiday season, save yourself the hassle and skip the checked bags. Instead, grab a good carry-on, like this Travelhouse hardshell suitcase, and keep it rolling. This carry-on is lightweight and comes in several colors, including black, orange, green and light purple. It's perfect for short trips and is currently on sale at $100 off the original retail price. $50 at Walmart.

The Apple Watch Series 10 is one of our overall favorite smartwatches right now. It hit shelves just a few months ago, and we're already seeing some significant savings. Right now, you've got the opportunity to snag one at Walmart and save $50. $349 at Walmart.

More Walmart deals worth checking out:

Apple iPad (9th gen): $249 (save $80)
PlayStation 5 Disc Edition - Fortnite Cobalt Star bundle: $424 (save $76)
Samsung Galaxy Buds 2: $125 (save $24)
Apple MacBook Air 13-inch: $649 (save $50)
JBL Clip 4 Bluetooth speaker: $48 (save $17)
Samsung 43-inch 4K smart TV: $268 (save $60)
Apple AirPods with charging case (2nd gen): $89 (save $50)
Arlo Pro 3 floodlight camera: $187 (save $63)
Onn 32-inch HD Roku TV: $88 (save $10)
Famistar folding treadmill: $660 (save $1,740)
Ingalik queen mattress topper: $45 (save $55)
Ecomoment dash cam: $33 (save $47)
JBL Tune 670NC headphones: $60 (save $40)
iDoo air mattress: $66 (save $104)
Samsung Galaxy Tab A9 Plus 11-inch tablet: $149 (save $30)
JLab JBuds Lux ANC headphones: $50 (save $30)
Baseus wireless portable charger: $19 (save $31)
Cinemark $50 e-gift card: $40 (save $10)
MiniARK LED cornhole set: $20 (save $20)
Xbox Series S 512SSD console and extra controller: $324 (save $36)
Dyson V7 advanced cordless vacuum cleaner: $200 (save $200)
JBL TuneBeam wireless earbuds: $39 (save $61)
Renpho Shiatsu foot massager: $59 (save $71)
-
La Liga Soccer Livestream: How to Watch Rayo Vallecano vs. Real Madrid From Anywhere
www.cnet.com

Rayo Vallecano welcome city rivals Real Madrid to the Estadio de Vallecas on Saturday in what looks set to be a key La Liga clash.

With league leaders Barcelona playing tomorrow, Carlo Ancelotti's Real side have the opportunity to move to the top of La Liga with a victory.

Los Blancos have however been widely inconsistent in recent weeks and have an historically poor record at Rayo's home ground.

Rayo Vallecano take on Real Madrid at the Estadio de Vallecas on Saturday, Dec. 14. Kickoff is set for 9 p.m. CET local time, making it a 3 p.m. ET and 12 p.m. PT start in the US, an 8 p.m. GMT start in the UK and a 7 a.m. AEDT Sunday kickoff in Australia.

Below, we'll outline the best live TV streaming services to use to watch the game as it happens, wherever you are in the world.

Jude Bellingham scored the winner in Real Madrid's 2-3 away victory over Atalanta in the Champions League in midweek.

How to watch Rayo Vallecano vs. Real Madrid in the US without cable

This match is available to stream in the US via ESPN Plus, which has live English and Spanish-language broadcast rights for La Liga in the States.

ESPN Plus

ESPN's standalone streaming service costs $11 a month or $110 for an annual subscription.

How to watch La Liga from anywhere with a VPN

If you find yourself unable to view La Liga matches locally, you may need a different way to watch the games -- that's where using a VPN can come in handy. A VPN is also the best way to stop your ISP from throttling your speeds on game day by encrypting your traffic, and it's also a great idea if you're traveling and find yourself connected to a Wi-Fi network and you want to add an extra layer of privacy for your devices and logins.

With a VPN, you're able to virtually change your location on your phone, tablet or laptop to get access to the game. Most VPNs, like our Editors' Choice, ExpressVPN, make it really easy to do this.

Using a VPN to watch or stream sports is legal in any country where VPNs are legal, including the US, UK and Canada, as long as you have a legitimate subscription to the service you're streaming. You should be sure your VPN is set up correctly to prevent leaks: Even where VPNs are legal, the streaming service may terminate the account of anyone it deems to be circumventing correctly applied blackout restrictions.

ExpressVPN

Latest tests: DNS leaks detected, 25% speed loss in 2024 tests
Network: 3,000 plus servers in 105 countries
Jurisdiction: British Virgin Islands

ExpressVPN is our current best VPN pick for people who want a reliable and safe VPN, and it works on a variety of devices. It's normally $13 a month, but if you sign up for an annual subscription for $100 you'll get three months free and save 49%. That's the equivalent of $6.67 a month with code SPECIALDEAL, which should be automatically applied.

Note that ExpressVPN offers a 30-day money-back guarantee.

Livestream Rayo Vallecano vs. Real Madrid in the UK

Premier Sports will be showing a minimum of five live matches per week from Spain's top league on its Premier Sports 1 and 2 channels, as well as its dedicated La Liga platform. This game will be shown exclusively live on Premier Sports Player and La Liga TV.

Premier Sports

A subscription to just Premier Sports' dedicated La Liga channel costs £8 a month.

You can also get the channel via a full subscription to Premier Sports, giving you access to all of the network's channels, which have the UK broadcast rights to Scottish Premiership matches, BKT United Rugby Championship and Investec Champions Cup rugby, plus NHL and Nascar.

A full Premier Sports subscription costs £10 per month for Sky and Virgin TV customers. You can also get Premier Sports through Amazon Prime Video as an add-on for £15 a month.

Livestream Rayo Vallecano vs. Real Madrid in Canada

TSN is the rights holder for live coverage of La Liga matches in the region, with select fixtures being shown on its linear channels and a wider selection of games being shown on its TSN Plus streaming platform. This match is set to be shown on TSN Plus.

TSN

TSN Plus is a direct-streaming service that costs CA$8 a month and also offers coverage of PGA Tour Live golf, NFL games, F1, NASCAR and the four Grand Slam tennis tournaments.

Livestream Rayo Vallecano vs. Real Madrid in Australia

Footy fans down under can watch La Liga fixtures live on BeIn Sports, which holds the live broadcast rights in Australia for Spanish top-flight matches. This match is set to be shown on BeIn Sports 2.

BeIn Sports

BeIn Sports is available in Australia for AU$15 a month or a yearly commitment of AU$130.

Quick tips for streaming La Liga using a VPN

With four variables at play -- your ISP, browser, video streaming provider and VPN -- your experience and success when streaming La Liga matches may vary.

If you don't see your desired location as a default option for ExpressVPN, try using the "search for city or country" option.

If you're having trouble getting the game after you've turned on your VPN and set it to the correct viewing area, there are two things you can try for a quick fix. First, log into your streaming service subscription account and make sure the address registered for the account is an address in the correct viewing area. If not, you may need to change the physical address on file with your account. Second, some smart TVs -- like Roku -- don't have VPN apps you can install directly on the device itself. Instead, you'll have to install the VPN on your router or the mobile hotspot you're using (like your phone) so that any device on its Wi-Fi network now appears in the correct viewing location.

All of the VPN providers we recommend have helpful instructions on their main site for quickly installing the VPN on your router. In some cases with smart TV services, after you install a cable network's sports app, you'll be asked to verify a numeric code or click a link sent to your email address on file for your smart TV. This is where having a VPN on your router will also help since both devices will appear to be in the correct location.

Remember, browsers can often give away a location despite using a VPN, so be sure you're using a privacy-first browser to log into your services. We normally recommend Brave.
-
Neuroaesthetics Reveals How the Arts Help with Dementia and Trauma
www.scientificamerican.com
Opinion
December 13, 2024

Aesthetic experiences can improve health and well-being at any stage of life

By Susan Magsamen

Many of us do not have to look much farther than our family, circle of friends, or co-workers to know someone who has been touched by post-traumatic stress disorder (PTSD) or a neurological disorder such as Alzheimer's disease. And that doesn't even take into account the acute daily stress, sometimes reaching toxic levels, that we all experience.

In fact, one in four people will be affected by a mental health issue or a psychological disorder at some point in their lives, anxiety and depression being the most common. Neurological conditions are the leading cause of poor health and disability across the globe, with cognition disabilities affecting approximately 14 percent of the U.S. population.

Fortunately, just as our brains and bodies respond negatively to trauma, stress and disease, so do they also respond, in a positive sense, to the arts and aesthetic experiences. Over the last 30 years, advances in technology have allowed scientists to noninvasively get inside our heads, allowing them to prove what artists and lovers of art have known intuitively for millennia: we are wired for art.

The late evolutionary biologist Edward O. Wilson placed our desire to create and commemorate our lives through artistic expression as far back as the time when humans were first beginning to harness fire. He believed that what could have begun as restorative gatherings around a nightly fire grew into the creation of stories, songs, dance, myths and cave drawings, bonding us to one another like nothing else. Over the ensuing millennia, those gatherings around the fire have evolved into the incredibly diverse array of cultures that span our globe.

Recent research as well as insights into humankind's artistic past have led to a new scientific discipline known as neuroaesthetics, so named by neuroscientist Semir Zeki in the late 1990s. Neuroaesthetics is the study of how the arts and aesthetic experiences measurably change our brains, body and behavior and how this knowledge translates into practices that advance health, well-being, learning and flourishing. The discipline functions at the intersection of the arts, health, medicine, the sciences and technology, and is highly interdisciplinary.

In 2023 Ivy Ross, chief design officer for consumer devices at Google, and I published Your Brain on Art. Now in its 11th printing, the book is the culmination of four years of writing and interviewing more than 120 researchers, artists, community organizers and others with the goal of bringing to the public information about the power of neuroaesthetics. We wanted to share that the arts are accessible, immediate, and affordable, and, importantly, that a talent or gift for any type of art is not required to reap significant benefits from engaging with the arts. Working on an art project for just 45 minutes, regardless of your skill, can decrease stress and has been shown to reduce cortisol levels in up to 75 percent of people.

One of the book's chapters focuses exclusively on restoring mental health through the use of neuroaesthetic principles and goes into detail on the brain mechanisms for processing stress and trauma, chronicling how a traumatic event may trigger PTSD. Dutch psychiatrist Bessel van der Kolk used fMRI scans to show how the Broca's area of the brain (one of the regions responsible for language and speech) shuts down in response to a traumatic experience, making it very difficult or impossible for the person experiencing the episode to talk about it. Arts interventions can help people who have experienced trauma make sense of what has happened to them and enable them to restore their ability to share their memories with less emotional dysregulation.

One such interventional program is named Creative Forces, co-developed by the National Endowment for the Arts, the Department of Defense, the Department of Veterans Affairs and state-supported art agencies. Creative Forces launched in 2010 as an intensive, month-long program of what is called creative arts therapy for service members with traumatic brain injury and PTSD.

Among the creative arts therapies offered, the program includes mask-making, an ancient art form that has proven to be an effective form of art therapy. In these projects, service members make masks that represent aspects of an experience they wish to explore, allowing them to externalize their thoughts in a nonjudgmental setting. The finished masks depict a wide range of feelings, from symbolically depicting deceased friends, to the representation of battle wounds and even patriotic icons. Making these pieces of art has enabled service members to open up to their families, speak about their experiences, diminish the occurrences of flashbacks and restore a sense of control to be able to process their darkest, most horrific memories and not let those remembrances take over their current lives.

Another arts-related therapy involves dance, which can yield significant benefits to physical and mental well-being, even for a person at risk for or diagnosed with a neurodegenerative disease. In one study, researchers looked at the effects of 11 different types of physical activity, including cycling and swimming, but found that only dance lowered older adult participants' risk of dementia. The researchers noted that the benefits may stem from the fact that dancing involves both music, which stimulates the brain's reward centers, and movement, which activates its sensory and motor circuits.

They also observed that dance combines mental effort and social interaction. Unlike other types of movements, dance involves the entire body and requires the brain to coordinate all muscle groups at once to engage in a particular sequence of movements. Dance can make a particular difference in the lives of those with movement disorders. One example is the Mark Morris Dance Company's Dance for PD program, a global initiative that invites people with Parkinson's and their families to participate in free virtual or in-person dance classes. Neuroaesthetics research findings in more than 40 peer-reviewed journal publications have shown how dance can help people with Parkinson's improve their gait, mood, sleep and cognition.

Singing, playing and listening to music also help people with dementia improve cognition and quality of life. For those in the early-to-mid stages of dementia, taking part in the arts and aesthetic experiences can reduce agitation and other behavioral issues.

Since 2020, the number of scientific articles on neuroaesthetic research has marked a steady increase, from 700 papers in 2020 to 900 three years later, according to data compiled at the University of Pennsylvania. And there is increasing recognition for neuroaesthetics. I worked with the Aspen Institute and a diverse group of researchers and practitioners to launch the NeuroArts Blueprint in 2021 to build awareness of the field and expand research and funding for it.

Ultimately, the arts offer transformative benefits accessible to everyone, regardless of skill. By embracing an aesthetic mindset, imbued with curiosity, sensory awareness and playfulness, each of us can experience the profound effects of the arts and aesthetics on our well-being. These practices are as important as exercise, sleep and good nutrition.

This is an opinion and analysis article, and the views expressed by the author or authors are not necessarily those of Scientific American.
-
Epic signs deal "to make Fortnite and Epic Games Store more accessible on millions of Android devices"
www.eurogamer.net

"Players will be able to easily download Fortnite, as well as third party games in the future."

News by Vikki Blake, Contributor
Published on Dec. 14, 2024

Epic Games has signed a deal with European telecommunications company Telefónica to pre-install the Epic Games Store on all its new Android devices.

This means that new Android Telefónica customers in Spain, Spanish-speaking Latam, Germany, and the UK will have access to Epic Games' suite of games right out of the box in a move to "make Fortnite and the Epic Games Store more accessible on millions of Telefónica Android devices".

"Players will now be able to more easily download Fortnite, Fall Guys and Rocket League Sideswipe as well as third party games in the future," Epic said. "This is just the beginning, and over the next year the companies plan to expand the partnership and bring more benefits to mobile players across the Telefónica network."

Epic said this new "strategic alliance" will provide Android players with "a more competitive ecosystem [...] empowering them with a choice beyond the conventional app marketplaces". It follows Apple's decision back in August 2020 to boot Fortnite from the App Store after Epic deliberately circumvented contractually mandated App Store payment mechanisms within the game, kicking off Epic boss Tim Sweeney's public war with Apple in US courts.

"Thanks to our partnership with Telefónica, players will now be able to access the Epic Games Store, Fortnite and soon games from third party developers directly on their Android device," said Michael Modon, senior director of growth partnerships for Epic Games. "We look forward to expanding our collaboration with Telefónica to bring even more benefits to players."

Earlier this week, Epic Games confirmed it would continue to support Fortnite Festival, the game's Rock Band-style mode developed by Harmonix, for the foreseeable future.