Its long been rumored that Nvidia is planning to break into the consumer CPU market in 2025, and we may have already had our first look at its new processor.On Monday at CES, the company unveiled Project Digits, a $3,000 personal AI supercomputer powered by a new GB10 Grace Blackwell Superchip. Reuters reports that yesterday Nvidia CEO Jensen Huang hinted to investors and analysts that there are bigger plans for the Arm-based CPU within that chip, co-developed with MediaTek.You know, obviously we have plans, Huang said during an investor presentation, referring to the new 20-core desktop CPU, but that he would wait to tell you what they are.Co-developer MediaTek has its own ambitions though, and Huang suggested that it may also bring the CPU to market, independent of Nvidia. Now they could provide that to us, and they could keep that for themselves and serve the market. And so it was a great win-win, Huang said.Nvidias Project Digits AI computer, featuring a new 20-core Arm CPU. Image: NvidiaProject Digits itself isnt a mass-market product, costing $3,000 and running on a custom Linux system designed specifically for AI developers. But Nvidias consumer CPU ambitions have been rumored since October 2023, when Reuters reported that the company, alongside rival AMD, was working on Arm-based chips to launch in 2025.Qualcomm has currently cornered the market on Arm-based CPUs for Windows PCs, boosted by last years launch of the Snapdragon X Elite processors. Those chips provided the sort of performance and power efficiency previously only available with Apples MacBooks, and put real pressure on Intel and AMDs x86 systems.2024 was the year that Windows on Arm finally achieved its potential, and with increased competition from Nvidia and others, 2025 could mark a turning point in the battle between x86 and Arm.

A mockup of the Nintendo Switch 2 has appeared at CES this week and the company behind it insists its based on the real thing.Gaming accessories maker Genki is showing off its Switch 2 mockup to press at the Consumer Electronics Show, and based on a report from French publication Numerama, it has plenty to say about Nintendos unannounced next-gen console.According to Numerama, Genki said the Nintendo Switch 2 launches in April, and that its mockup, which you can see in the images in this article, is based on a real Switch 2. Genki also claimed the rumored optical sensor on the Joy-Con (more on that below) is indeed a new feature for the console, but does not know what the mysterious C button on the right side of the Joy-Con is for.Videos of this Switch 2 mockup show how the Joy-Con clip onto the console via magnets, with a button to press for release. As has been reported, the Switch 2 is bigger than the Switch, with a second USB-C port on the top.Genki has even gone as far as to publish a video allegedly showing a render of the Switch 2 on its website, designed to promote its Switch 2 accessories.Its been a busy week for Switch 2 leaks. Following the appearance of alleged images of the Nintendo Switch 2s internals, fresh images allegedly showing the next-generation consoles Joy-Con appeared online.The images, which show a left Joy-Con, were reportedly first posted to a Chinese social media website before they made their way to the Nintendo Switch 2 subreddit and western social media.They include larger SL and SR buttons than on the Nintendo Switch Joy-Con, which youd expect given the Nintendo Switch 2 is reportedly a bigger console than the original. These new Joy-Con allegedly ditch the railed lock method used by the current Switch in favor of electromagnetic suction controllers.There are what look like soft rubber glide pads at the top and bottom of the side of the Joy-Con, and what looks like a sensor of some kind, perhaps for connecting to other devices or for 3D gesture-controlled input. Some are speculating the Switch 2 Joy-Con could be used as a mouse if turned on its side and placed on a flat surface.Last week, an image of what appeared to be the Switch 2s internal components tallied with information suggested by previous image leaks that have helped give us a decent idea of what to expect from Nintendos next-gen console.In September, unverified images a mix of Computer-aided design (CAD) images and printed circuit board (PCB) photos that were said to have originated from a Chinese website before making their way onto Reddit, depicted a device similar to the existing Switch console but with a larger screen and magnetic Joy-Con. There is reportedly a USB-C port on the top and bottom of the console, too.Accompanying the images was an alleged specifications list that mentioned 12GB of RAM (the original Switch has 4GB), and 256GB of internal storage (the original Switch has 32GB). Theres a new "C" button on the right Joy-Con, allegedly, but no-one seems to know what this is for.We also have a patent, filed July 2023 but published for the first time last week, that describes AI image upscaling technology that would help keep video game download sizes small enough to fit on a physical game cartridge while offering up to 4K textures.Heres what we know for sure: Nintendo has confirmed that the yet-to-be-announced Switch 2 will be backward-compatible with original Switch games and will feature Nintendo Switch Online. Nintendo has also said it will announce the Switch 2 by the end of March 2025, which means the reveal is fast approaching. As for a release date, the console is not expected to launch during Nintendo's current financial year, so it will arrive April 2025 at the earliest.We even have developers outright saying they plan to release their upcoming games on the console, with others teasing a Switch 2 release for their games. When Switch 2 does eventually come out, Nintendo expects to have plenty of stock available, which in turn will hopefully combat scalping.Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.

It is 2025. Heaven help us. A year that not long ago sounded like science fictionand well beyond even Stanley Kubricks musings for the world of tomorrowhas come. And with it is a film and television industry in a state of upheaval or perhaps dawning opportunity.After spending the first half of this decade recovering from one crisis after another, be it COVID, self-inflicted delays in negotiating the 2023 strikes, or just the continued fallout from streamings ascent (and more recent bumpy plateauing), many in Hollywood and beyond are hoping 2025 marks a fresh start. Survive until 2025 was a rallying cry last year among movie theater exhibitors recognizing that 2024 would see a year of diminished output in the cinematic pipeline. But this mantra also could just as easily apply to the streamers who began bundling together and reconfiguring their release strategies. Even Netflix these days is in the midst of spacing out Cobra Kai Season 6 over nearly as many weeks as a network TV show.The times they are a-changin, and as they shift we thought it might be fun to muse on a few things wed like to see in the year to comeA Wide Release for Rian Johnsons Next Benoit Blanc MovieIn 2022, early reports suggested Netflix and theater owners were close to releasing Rian Johnsons Glass Onion, a sequel to 2019s delightful holiday sleeper hit, Knives Out, in theaters for 45 days ahead of its Christmastime premiere on the streaming service. In the end, Netflix released the movie theatrically for only five days in November at 600 domestic theaters (with sporadic special screenings for the rest of the holiday season). During five days in a less-than-ideal wide release, it grossed about $15 million. Which is all to say it probably would have been another holiday hit for Johnson and Daniel Craigs buoyant Benoit Blanc had Netflix wanted a theatrical hit.They didnt. With the 600 screens seen by many in the industry as a nominal courtesy to Johnson, Glass Onions muted theatrical release appeared to be yet another casualty from a strategy that Netflix CEO Ted Sarandos has more than once described as thus: Driving folks to a theater is just not our business. Having big new desirable content drives value for our members and drives value for our business.Fair enough, but in addition to keeping auteurs like Rian Johnson happyor for that matter Guillermo del Toro, Greta Gerwig, and Martin Scorsesemight we suggest evidence is increasingly showing that splashy theatrical releases can drive value to the streaming business? And this applies just as much to theatrical flops as hits. Look no further than this past holiday season when Amazon-MGM took a gamble on releasing their new streaming original film starring Dwayne Johnson and Chris Evans, Red One, into theaters. The movie suffered a rather infamously weak opening weekend, and was quickly swallowed up by Wicked and Moana 2 shortly thereafter.Nonetheless, by virtue of being a theatrical release with the marketing push that goes with it, the film got a lot of attention ahead of its limited theatrical window of 27 exclusive days in cinemas. It still grossed $185 million globally and provided major value to Amazons Prime Video service. So much so it became Amazons biggest streaming debut ever, with the company crowing more than 50 million people watched the film in its first four days on the service, beginning on Dec. 12.Even a streaming film that few people liked (at least among critics) can become a global event on the service if it has a decent theatrical debut. Now imagine if you did the same thing with a film audiences were actually excited about. Say, for example, the nextOr, for that matter, the next horror movie from an auteur as beloved as Guillermo del Toro, who is making for Netflix a film based on one of the greatest horror stories of all time: Frankenstein. Suddenly, Netflix is more than just paying lip-service to the talents perceived vanityor giving cinephiles the chance to see these films the way they were intended; streamers are also adding value to their brand. Isnt that a win-win?Read more A Full Return to Gothic HorrorWhile on the subject of Guillermo del Toro and Frankenstein, lets return to the one genre that has proven reliably dependable for more than a century: horror. While some prognosticators strangely think the sky could finally fall on horror simply because it is one of the few genres that dependably still work as original stories in the theatrical space, the truth is 2024 was a banner year for frights. Plenty of originals and indies hit it big, be it Longlegs, potential awards darling The Substance, and even the unrated bloodbath that was Terrifier 3. But while horror remains healthy, trends and tastes ebb and flow, change and cycle through.And we think were on the cusp of a renaissance for Gothic horror. In fact, it might have already begun as seen in the runaway success of Robert Eggers Nosferatuin the last 18 months alone! Luckily, it was also the first Dracula movie in a long time to really go for it and treat the subject matter with the grandeur and conviction its Gothic source material warrants. Not since Francis Ford Coppolas Bram Stokers DraculaJoin our mailing listGet the best of Den of Geek delivered right to your inbox!Similar to the 1990s, which also saw Gothic-infused hits like Interview with the Vampire and Sleepy Hollow, among others, 2025 could prove a sumptuous turning point where horror returns to its roots. The biggest 2025 example of this is again del Toros Frankenstein, which like Eggers doing Nosferatu/Dracula, sees a beloved auteur with marquee panache tackling one of the cornerstones of the genre. But Maggie Gyllenhaal is doing her own riff on Frankenstein via The Bride! with Jessie Buckley and Christian Bale. And beyond the literary classics, Ryan Coogler is seeking to keep vampires in their spooky, moldering roots with an original undead chiller, Sinners. Given it is from the director-and-star team of Coogler and Michael B. Jordanthe same duo who gave us Fruitvale Station, Creed, and the best villain in the MCUthere is every reason to suspect their latest film will have strong creative and commercial bite.Further down the road in 2026, another Gothic masterpiece is getting reimagined for Gen-Z with Emerald Fennell (Promising Young Woman, Saltburn) putting her own spin on Emily Bronts Wuthering HeightsThe Definition of What an IMAX Movie Is ExpandsIn 2023, Christopher McQuarrie and Tom Cruises wildly entertaining Mission: Impossible Dead ReckoningOppenheimer, a talky, three-hour, R-rated drama about apocalyptic weapons of mass destruction. So the choice was made that an action movie could debut without the premium IMAX format.Lets just say in 2025 theres a reason Mission: Impossible The Final ReckoningOppenheimer, it provides new tools to filmmakers who want to paint on a larger canvas.So its exciting to hear that as Nolan gears up to shoot his next epic, an adaptation of Homers The Odyssey, he and cinematographer Hoyte van Hoytema are pioneering new ways and enhancements to existing IMAX cameras in order to take them to sea. However, its just as exciting to hear that the New Year will see the Canadian IMAX company debut four more IMAX cameras. For context, there are currently only eight 65mm film IMAX cameras in use around the world. This means the number of film productions that can shoot in IMAX will increase from from one to two at any given time, potentially doubling the number of celluloid IMAX movies released in a calendar year.In a modern film industry where audiences are more inclined to show up in a theater for an IMAX release, this is good news. And more IMAX cameras (hopefully) also means our definition of what an IMAX movie can expand. It already began a few years ago when Nolan became the first director to shoot a pensive, character-driven adult drama in the format usually associated with big studio blockbusters. And just as Nolan being the first Hollywood director to tackle using this technology in the realm of superheroes and action movies via The Dark Knight in 2008, wed love to see 2025 have more filmmakers following in Nolans footsteps by telling sweeping adult-oriented stories in the IMAX format, complete with 65mm lenses.We admit this could be woefully naive since the IMAX company ultimately decides which films get to use their camerasand the safer bet for them as well as studios is on blockbusters. But Oppenheimer proves the definition of what a blockbuster is might be expanding in the decade after COVID, and there are other directors outside of Nolan who could have the cache to eventize a film. Imagine Greta Gerwigs next film after Narnia being marketed as a movie shot in IMAX; or Coogler; or Eggers; or Jordan Peele. Brady Corbets brooding drama The Brutalist is a vision and Oscar contender in 70mm. Maybe his next three-hour epic could play on IMAX screens for longer than a handful of days if it was shot in the format?It Is Confirmed James Bond Will Return SoloIts been more than three years since Daniel Craig hung up the tuxedo in fiery fashion during No Time to Die. Yet there is still no new Bond movie in development, announced, or even cast. There were almost four years exactly between Pierce Brosnans last outing as 007 in 2002 and Craigs debut in 2006, but at this rate, that much time will likely pass without audiences even getting to speculate about the next guy in the suit.Recently, we seemed to learn why. According to The Wall Street Journal, big tech behemoth and the new owner of MGM, Amazon, has been pushing the rightsholders of the James Bond character, Eon Productions heads Barbara Broccoli and Michael G. Wilson, into expanding 007 into a bonafide cinematic universe. Reportedly pitches included a Moneypenny streaming series on Prime Video and spinoff movies about other 00 agents. One wonders why not a return of childrens cartoon James Bond Jr. while theyre at it?Apparently, Broccoli has so far said absolutely not and allegedly called Amazon execs pushing for supersizing 007 fucking idiots.Good for her. While things have certainly dragged into the longer side at this point between No Time to Die and announcements regarding what could be called James Bond 26, weve mostly enjoyed the pause, even writing there is something refreshingly retro about having to wait years instead of months or weeks for the next installment in a franchise. There is a quasi-bespoke, handcrafted quality to Eons Bond films, whether perceived or real. They certainly remain a family business which in the world of modern streaming services and tech mergers feels as antiquated as an artisanal shop where James might pick up his suits or caviar.Its also fair to note the James Bond movies are among the oldest of modern movie franchises, one which has shamelessly recycled plots and concepts time and again. But the relative rarity with which they do so makes each return charming and like a visit from an old friend. The thought of that occasional fondness being ground to powder by ceaseless corporate exploitationas with what happened to Star Wars vanished splendor after five movies and 10 TV shows inside of a decadeis frankly distasteful. And the thing about James is his taste is impeccable.A Superman Movie That Sticks the Landing in This CenturyFinally, we cannot look forward to 2025 and not think about the caped elephant in the room. This year indeed feels like a make or break one for superhero movies. Two years ago proved that the genres popularity has limits after a string of flops were released between the now defunct DCEU and the MCU (with the lions share on the DC side of the street). But 2024 showed its popularity is still strong if you make a movie folks dig, a la Deadpool & Wolverine.2025 is thus a chance to see how Marvel and the newly rechristened DC Studios will transition into the next 10 years, beginning perhaps most crucially with a new Superman actor and continuity being launched in James Gunns Superman reboot due out in July. We could bore you here by repeating how much financially and creatively is riding on a film that is supposed to introduce Gunns vision for the new DC Universe going forward. But we really just want to take a breath and say all we hope for is a great Superman movie. Even a good one would be a nice change of pace, because in spite of the guy in the red cape being one of the most recognizable and beloved superheroes ever created, Kal-El has proven remarkably challenging to translate to the big screen in this century. It is yet another testament to Christopher Reeve and Richard Donner that they made it look effortless in 1978, as we were happily reminded of last year in the excellent Super/Man documentary about Reeves life.Yet while every Superman-adjacent movie released since 2006s Superman Returns had at least one standout sequence, casting, or Hans Zimmer score to recommend it, none of them have made the character fly back into our hearts. And the thing about Superman is he should soar there. Judging by all the goodwill generated from the Superman trailer, it seems a lot of other people out there are ready to believe a man can fly again. Let this be the year that he does.

The iPhone 16 is still banned from sale in Indonesia, despite Apple promising to invest a billion dollars in the countrys economy.Apple had initially had offers of first $10M and then $100M rejected by the Indonesian government, before offering a cool billion dollars worth of manufacturing which is exactly what the country demanded The saga so farThe governments of populous countries are getting increasingly savvy about seeking a quid pro quo for giving Apple access to their markets, demanding inward investment in return.For example,Indiafamously refused permission for Apple stores in the country until the iPhone maker set up large-scale manufacturing within the country.Indonesia started out with a more modest demand for Apple to invest $109M ina developer academy there, with a further $10M manufacturing spend.However, when this target wasnt quite hit, the government upped the ante dramatically. Itbanned the iPhone 16 from sale, and demanded afarlarger investment.Apple initially offered $100M, but the government said that wasnt enough. It then said it wanteda billion dollar manufacturing spendin the country. We heard last month thatApple had agreed to this, and it was subsequently revealed that this would take the form of large-scale AirTag manufacturing.Government rejects billion dollar dealHowever, despite Apple agreeing to the request sum, Reuters reports that the government still refuses to un-ban the iPhone 16 for a bizarre reason.That reason? Indonesia now specifically insists that Apple manufacture iPhone parts in the country; AirTags dont count.Minister Agus Gumiwang Kartasasmita said Apple had struck a deal to build a facility producing its Airtag tracking device on Indonesias Batam island, close to Singapore, but that still would not count as a locally-made iPhone part.There is no basis for the ministry to issue a local content certification as a way for Apple to have the permission to sell iPhone 16 because (the facility) has no direct relations, he said, adding the ministry would only count phone components.9to5Macs TakeIndonesia was already playing hardball here. The government could have threatened to ban iPhone sales unless Apple agreed to its demands, and perhaps implemented the ban during negotiations to show that it was serious and to accelerate the process. Instead, it imposed a ban as its opening move.Its no surprise that the country wanted a decent chunk of investment by Apple. Indonesia is the fourth most populated country in the world, behind China, India, and the USA. It has seen the Indian government successfully pressure Apple into making massive manufacturing investments there, and figured it also deserved a decent slice of the pie in return for access to its market of 284M people.But one might wonder why it cares what is made there? A billion dollars of AirTag production spends just like a billion dollars of iPhone component production. My theory is that it is playing a high-stakes poker game. It wanted Apple to first commit to the AirTag plant, and then play the iPhone card to obtain even greater investment.Ultimately, Indonesia is likely to win. It may or may not get another billion dollars, but with so many potential iPhone 16 customers at stake, Apple will for sure offer something more.Photo byAlimonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Jan 08, 2025The Hacker NewsMalware Analysis / Threat Intelligence2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter right now.LummaLumma is a widely available malware designed to steal sensitive information. It has been openly sold on the Dark Web since 2022. This malware can effectively collect and exfiltrate data from targeted applications, including login credentials, financial information, and personal details.Lumma is regularly updated to enhance its capabilities. It can log detailed information from compromised systems, such as browsing history and cryptocurrency wallet data. It can be used to install other malicious software on infected devices. In 2024, Lumma was distributed through various methods, including fake CAPTCHA pages, torrents, and targeted phishing emails.Analysis of a Lumma AttackProactive analysis of suspicious files and URLs within a sandbox environment can effectively help you prevent Lumma infection. Let's see how you can do it using ANY.RUN's cloud-based sandbox. It not only delivers definitive verdicts on malware and phishing along with actionable indicators but also allows real-time interaction with the threat and the system.Take a look at this analysis of a Lumma attack.ANY.RUN lets you manually open files and launch executablesIt starts with an archive which contains an executable. Once we launch the .exe file, the sandbox automatically logs all processes and network activities, showing Lumma's actions.Suricata IDS informs us about a malicious connection to Lumma's C2 serverIt connects to its command-and-control (C2) server. Malicious process responsible for stealing data from the systemNext, it begins to collect and exfiltrate data from the machine.You can use the IOCs extracted by the sandbox to enhance your detection systemsAfter finishing the analysis, we can export a report on this sample, featuring all the important indicators of compromise (IOCs) and TTPs that can be used to enrich defenses against possible Lumma attacks in your organization.Try all features of ANY.RUN's Interactive Sandbox for free with a 14-day trialXWormXWorm is a malicious program that gives cybercriminals remote control over infected computers. First appearing in July 2022, it can collect a wide range of sensitive information, including financial details, browsing history, saved passwords, and cryptocurrency wallet data. XWorm allows attackers to monitor victims' activities by tracking keystrokes, capturing webcam images, listening to audio input, scanning network connections, and viewing open windows. It can also access and manipulate the computer's clipboard, potentially stealing cryptocurrency wallet credentials. In 2024, XWorm was involved in many large-scale attacks, including ones that exploited CloudFlare tunnels and legitimate digital certificates.Analysis of a XWorm AttackPhishing emails are often the initial stage of XWorm attacksIn this attack, we can see the original phishing email, which features a link to a Google drive.A Google Drive page with a download link to a malicious archiveOnce we follow the link, we are offered to download an archive which is protected with a password.Opened malicious archive with a .vbs fileThe password can be found in the email. After entering it, we can access a .vbs script inside the .zip file. XWorm uses MSBuild.exe to persist on the systemAs soon as we launch the script, the sandbox instantly detects malicious activities, which eventually lead to the deployment of XWorm on the machine.AsyncRATAsyncRAT is another remote access trojan on the list. First seen in 2019, it was initially spread through spam emails, often exploiting the COVID-19 pandemic as a lure. Since then, the malware has gained popularity and been used in various cyber attacks.AsyncRAT has evolved over time to include a wide range of malicious capabilities. It can secretly record a victim's screen activity, log keystrokes, install additional malware, steal files, maintain a persistent presence on infected systems, disable security software, and launch attacks that overwhelm targeted websites.In 2024, AsyncRAT remained a significant threat, often disguised as pirated software. It was also one of the first malware families to be distributed as part of complex attacks involving scripts generated by AI.Analysis of an AsyncRAT AttackThe initial archive with an .exe fileIn this analysis session, we can see another archive with a malicious executable inside.A PowerShell process used for downloading a payloadDetonating the file kicks off the execution chain of XWorm, which involves the use of PowerShell scripts to fetch additional files needed to facilitate the infection.Once the analysis is finished, the sandbox displays the final verdict on the sample.RemcosRemcos is a malware that has been marketed by its creators as a legitimate remote access tool. Since its launch in 2019, it has been used in numerous attacks to perform a wide range of malicious activities, including stealing sensitive information, remotely controlling the system, recording keystrokes, capturing screen activity, etc.In 2024, campaigns to distribute Remcos used techniques like script-based attacks, which often start with a VBScript that launches a PowerShell script to deploy the malware, and exploited vulnerabilities like CVE-2017-11882 by leveraging malicious XML files.Analysis of a Remcos AttackPhishing email opened in ANY.RUN's Interactive SandboxIn this example, we are met with another phishing email that features a .zip attachment and a password for it.cmd process used during the infection chainThe final payload leverages Command Prompt and Windows system processes to load and execute Remcos.MITRE ATT&CK matrix provides a comprehensive view of the malware's techniquesThe ANY.RUN sandbox maps the entire chain of attack to the MITRE ATT&CK matrix for convenience. LockBitLockBit is a ransomware primarily targeting Windows devices. It is considered one of the biggest ransomware threats, accounting for a substantial portion of all Ransomware-as-a-Service (RaaS) attacks. The decentralized nature of the LockBit group has allowed it to compromise numerous high-profile organizations worldwide, including the UK's Royal Mail and India's National Aerospace Laboratories (in 2024).Law enforcement agencies have taken steps to combat the LockBit group, leading to the arrest of several developers and partners. Despite these efforts, the group continues to operate, with plans to release a new version, LockBit 4.0, in 2025.Analysis of a LockBit AttackLockBit ransomware launched in the safe environment of the ANY.RUN sandboxCheck out this sandbox session, showing how fast LockBit infects and encrypts files on a system.ANY.RUN's Interactive Sandbox lets you see static analysis of every modified file on the systemBy tracking file system changes, we can see it modified 300 files in less than a minute.Ransom note tells victims to contact attackersThe malware also drops a ransom note, detailing the instructions for getting the data back.Improve Your Proactive Security with ANY.RUN's Interactive SandboxAnalyzing cyber threats proactively instead of reacting to them once they become a problem for your organization is the best course of action any business can take. Simplify it with ANY.RUN's Interactive sandbox by examining all suspicious files and URLs inside a safe virtual environment that helps you identify malicious content with ease. With the ANY.RUN sandbox, your company can:Swiftly detect and confirm harmful files and links during scheduled checks.Investigate how malware operates on a deeper level to reveal its tactics and strategies.Respond to security incidents more effectively by collecting important threat insights through sandbox analysis.Try all features of ANY.RUN with a 14-day free trial.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 08, 2025Ravie LakshmananMalware / VulnerabilityA Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.Exploiting an arsenal of over 20 known security vulnerabilities and weak Telnet credentials for initial access, the malware is known to have been active since February 2024. The botnet has been dubbed "gayfemboy" in reference to the offensive term present in the source code.QiAnXin XLab said it observed the malware leveraging a zero-day vulnerability in industrial routers manufactured by China-based Four-Faith to deliver the artifacts as early as November 9, 2024.The vulnerability in question is CVE-2024-12856 (CVSS score: 7.2), which refers to an operating system (OS) command injection bug affecting router models F3x24 and F3x36 by taking advantage of unchanged default credentials.Late last month, VulnCheck told The Hacker News that the vulnerability has been exploited in the wild to drop reverse shells and a Mirai-like payload on compromised devices.Some of the other security flaws exploited by the botnet to extend its reach and scale include CVE-2013-3307, CVE-2013-7471, CVE-2014-8361, CVE-2016-20016, CVE-2017-17215, CVE-2017-5259, CVE-2020-25499, CVE-2020-9054, CVE-2021-35394, CVE-2023-26801, CVE-2024-8956, and CVE-2024-8957.Once launched, the malware attempts to hide malicious processes and implements a Mirai-based command format to scan for vulnerable devices, update itself, and launch DDoS attacks against targets of interest.DDoS attacks leveraging the botnet have targeted hundreds of different entities on a daily basis, with the activity scaling a new peak in October and November 2024. The attacks, while lasting between 10 and 30 seconds, generate traffic around 100 Gbps.The disclosure comes weeks after Juniper Networks warned that Session Smart Router (SSR) products with default passwords are being targeted by malicious actors to drop the Mirai botnet malware. Akamai has also revealed Mirai malware infections that weaponize a remote code execution flaw in DigiEver DVRs."DDoS has become one of the most common and destructive forms of cyber attacks," XLab researchers said. "Its attack modes are diverse, attack paths are highly concealed, and it can employ continuously evolving strategies and techniques to conduct precise strikes against various industries and systems, posing a significant threat to enterprises, government organizations, and individual users."The development also comes as threat actors are leveraging susceptible and misconfigured PHP servers (e.g., CVE-2024-4577) to deploy a cryptocurrency miner called PacketCrypt.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Drew Firment, Chief Cloud Strategist, PluralsightJanuary 8, 20254 Min ReadPixabaySpurred by the rapid adoption of generative AI, cloud computings 20% year-over-year growth is driving its status as todays default operating model. However, the workforce skills gap has many organizations struggling to leverage the clouds full potential. While security and cost controls are key challenges to cloud adoption, the skills gap continues to vex enterprises seeking to maximize their investments in cloud computing, as more than 75% of organizations have abandoned projects due to skills gaps.Many companies hire new talent to address the cloud skills gap, which is only a temporary solution. To implement a sustainable transition to the cloud, leaders must adopt a long-term strategic approach to upskill existing employees with a comprehensive workforce development plan. Continuous learning programs can help companies close their cloud computing skills gap and evolve the workforce to stay ahead of technology. These programs should also include non-technical employees to ensure enterprise-wide cloud literacy.Impact of AI and the Cloud on Security, Compliance, and UpskillingAIs rapid evolution and influence on the cloud are game changers for businesses innovation and management of the complex security and compliance landscapes that come with this shift. Addressing these challenges through upskilling is vital to ensuring companies can navigate the new era of AI and cloud computing confidently and securely.Related:Companies can use AI to automate routine tasks, improve customer experiences through chatbots and recommendations, and analyze large datasets to derive actionable insights. AI also helps cloud environments to be more adaptive and self-optimizing, enabling them to scale based on real-time demand and usage patterns. This integration of AI and the cloud enhances efficiency and innovation but also creates new challenges related to security, compliance, and the need for specialized skills.AI can be a powerful tool to enhance cloud security through advanced threat detection and real-time risk analysis. However, using AI in cloud systems makes these environments more complex, creating more entry points for potential security threats. AI-driven systems that are not properly secured could become targets for malicious actors seeking to exploit vulnerabilities. For example, adversarial AI techniques in which data is manipulated to deceive AI models are an emerging threat to cloud security.To mitigate these risks, businesses need cloud security professionals with expertise in both cloud infrastructure and AI-driven tools. These professionals must know how to use AI to strengthen security measures while also being vigilant about the unique security challenges that AI introduces. Through continuous learning and targeted upskilling programs, organizations can equip their workforce with the knowledge needed to navigate these challenges and unlock the full potential of AI and the cloud.Related:Upskilling Teams, Optimizing Cloud Usage, and AlignmentAcross industries, the cloud is now table stakes, but its successful adoption requires more than just implementing a cloud infrastructure. It demands a holistic approach that optimizes cloud usage and aligns its strategies with business objectives. When done right, cloud computing allows teams to enhance agility and speed, drive innovation, and improve cross-team collaboration. To operationalize cloud computing effectively, businesses must focus on leadership and organizational alignment, cloud governance and security, and continuous upskilling of employees.Cloud adoption should be an integral part of the businesss overall strategy rather than an isolated IT initiative. Key considerations include creating a cloud-first mindset and culture across the organization, from leadership to front-line employees. By utilizing the cloud, organizations can pivot quickly based on market conditions and leverage data analytics and AI to make more informed, data-driven decisions.Related:Cloud computing is a highly specialized skill that requires a deep understanding of cloud platforms, security, DevOps practices, and data management. Training that includes AWS, Microsoft Azure, or Google Cloud certifications helps employees stay current on the latest cloud technologies and best practices. As cloud computing affects many aspects of a business, from IT and development teams to marketing and operations, a cross-functional collaboration ensures that cloud capabilities are utilized as effectively as possible across the enterprise.Fostering a Culture of Continuous LearningAs the cloud continues to evolve, the need for workforces with the skills to use it will intensify. To remain competitive, organizations must foster a culture in which employees are empowered to update their skills through a mix of formal training, hands-on experience, and knowledge sharing.Organizations that fail to address the skills gap risk falling behind in the race to leverage cloud technologies effectively. By investing in cloud training programs, certifications, and continuous learning, businesses can ensure they have the talent to innovate, scale, and secure their operations in the cloud.About the AuthorDrew FirmentChief Cloud Strategist, PluralsightDrew Firment works closely with business and technology leaders to accelerate cloud adoption by migrating talent to the cloud. Drew was previously Director of Cloud Engineering at Capital One where he led enterprise cloud operations within their Cloud Center of Excellence and migrated the early adopters of Amazon Web Services (AWS) into production. He founded Capital One's cloud engineering college that drove a large-scale talent transformation and earned a patent for measuring cloud adoption and maturity. Drew is recognized by Amazon as an AWS Community Hero for his ongoing efforts to build inclusive and sustainable learning communities.See more from Drew FirmentNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Time zones: EST (UTC -5), CST (UTC -6), MST (UTC -7), PST (UTC -8), ART (UTC -3), UTC -4, UTC -4:30, UTC -3, UTC -2, SBT (UTC +11), GMT (UTC +0), CET (UTC +1), EET (UTC +2), MSK (UTC +3), AST (UTC -4), NST (UTC -3:30), JST (UTC +9), CST (UTC +8), WIB (UTC +7), MMT (UTC +6:30), BST (UTC +6), NPT (UTC +5:45), IST (UTC +5:30), UZT (UTC +5), IRDT (UTC +4:30), GST (UTC +4), LINT (UTC +14), TOT (UTC +13), CHAST (UTC +12:45), LHST (UTC +10:30), AEST (UTC +10), ACST (UTC +9:30), ACWST (UTC +8:45), MART (UTC -9:30), NUT (UTC -11)Are you a talented Senior Developer looking for a remote job that lets you show your skills and get decent compensation? Look no further than Lemon.io the marketplace that connects you with hand-picked startups in the US and Europe.What we offer:Earn $5k$8k monthly: the rate depends on your seniority level, skills and experience. We've already paid out over $11M to our engineers.No more hunting for clients or negotiating rates let us handle the business side of things so you can focus on what you do best.We'll manually find the best project for you according to your skills and preferences.Choose a schedule that works best for you. Its possible to communicate async or minimally overlap within team working hours.We respect your seniority so you can expect no micromanagement or screen trackers.Communicate directly with the clients. Most of them have technical backgrounds. Sounds good, yeah?We will support you from the time you submit the application throughout all cooperation stages.Most of our projects involve working in a fast-paced startup environment. We hope you like it as much as we do.Through our community, we will connect you with the best developers from more than 50 countries.Requirements:4+ years of software development experience.3+ years of commercial experience with Angular3+ years of commercial experience with .NETHands-on experience with Vue.js, TypeScript, Azure would be a plusStrong technical skills: as a Senior Developer, you are expected to be able to create projects from scratch and have a deep understanding of application architecture.Clear and effective communication in English advanced ability to discuss business tasks, justify decisions, and communicate issues. Good self-presentation is also essential for upcoming client calls.Strong self-organizational skills ability to work full-time remotely with no supervision.Reliability we want to trust you and expect that you wont let us and the client down.Adaptability and Flexibility the ability to onboard the project promptly after accepting it and start delivering results quickly.Sounds good for you? Apply now and join the Lemon.io community!NOT YOUR TECH STACK?We have different projects for Senior Developers, so if you have 4+ years of commercial experience in software development and you are fluent with React & Node.js, React & Python, AI Engineering, Android & iOS we would be happy to communicate and provide you with a project that matches your experience. Just apply, and we will share more details with you.If your experience matches our requirements, be ready for the next steps:VideoAsk watch a short video about our startup, up to 10 minutesComplete your profile on our website30-minute screening callTechnical interviewFeedbackMagic Box (we are looking for the best project for you).P.S. We work with developers from 50+ countries in different regions: Europe, LATAM, Asia (Philippines, Indonesia), Oceania (Australia, New Zealand, Papua New Guinea), Canada, and the UK. However, we have some exceptions.At the moment, we dont have a legal basis to accept applicants from the following countries:European: Iceland, Liechtenstein, Kosovo, Belarus, Russia, and Serbia.Latin America: Cuba and NicaraguaMost Asian countries and Africa.We expand and shorten the list of exemptions regularly.Do you represent a company with engineers who match the description and want to collaborate with us through staff augmentation? Then register here.

Time zones: ART (UTC -3), UTC -3, UTC -2, GMT (UTC +0), CET (UTC +1), EET (UTC +2), MSK (UTC +3), FKST (UTC -3), CEST (UTC +2), BST (UTC +1), CVT (UTC -1), WAT (UTC +1), SAST (UTC +2), EAT (UTC +3)We start with the cliff notes about the position. If this appeals to you, continue reading for a longer text version about us and working at Silverfin further down. At Silverfin, we're an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.Although we know were not perfect yet, we are working hard on it and are always open to your feedback.According to our vision to build a diverse, equitable, and inclusive organisation, our policy is to only start the interviewing process once underrepresented groups are sufficiently present in the list of candidates applying for the position. For this reason, its possible interviews will get slightly delayed until weve reached that goal.We're committed to elevating talent by creating an environment where we can all thrive together. So if you think you have what it takes, but don't necessarily check every single box, please consider applying. We'd love to hear how you might contribute to our mission and our team.What can we offer you?Join a distributed remote-first engineering team with 40 colleagues in 14 different countriesA refreshing work environment with professional, friendly, and welcoming peersActual, proper work-life balanceA salary range of 112.000 - 169.000 a yearFlexible working hours and 100% remote workParticipation in our Leadership Development Program and opportunities for personal growth and mentoringA 1200 yearly budget for conferences, courses, workshops, or other expenses that will improve your skillsTwo engineering retreats per year, somewhere in EuropeMonthly Company-wide Wellbeing Days off (Reviewed Annually)What are we looking for?You have at least 2 years of leadership experienceYoure up for managing and mentoring an engineering teamYou have recent experience as a Senior Software EngineerYou know or are interested in learning Ruby on RailsYou're interested in getting to know our customers to find the best solution for a given challenge.You're aware of the trade-offs involved in proper engineering and can make balanced business decisions, keeping in mind all the stakeholders of the project.You can communicate clearly in English, both verbally and in writing.Those were the cliff notes. In the next sections, we're going to dive a little bit deeper into explaining who we are and the teams that make up Silverfin Engineering.What does a Silverfin Engineering Lead do?As an engineering team lead, you're going to manage, inspire, and mentor a team of engineers to foster a culture of innovation, collaboration, and continuous improvement. You will furthermore act as the cohesive force between your team, the Engineering department, and the company as a whole. Operating in a "player-coach" model, you balance hands-on contributions with team management.Live the [Silverfin values](https://silverfin.com/careers/) and be a role model for the individual contributorsCollaborate with and support your fellow team leads (we're big believers in a well-aligned Team Number 1)Make sure your team is aligned with the other engineering teams and the rest of the organisation, focusing on the highest business prioritiesLead and mentor the team while closely coordinating with the product manager Embrace the "player-coach" model, with a significant portion of your time dedicated to direct technical contributionsHelp with discovery and delivery of the best way to solve a customer or business problemHelp with maintenance and support of existing functionalityWhats a Silverfin?At Silverfin, we apply the promise of software to the age-old industry of accounting. With our SaaS, were automating a large chunk of the busywork that accountants are currently handling manually and are building new tools so they can provide better services to their customers. We aim to optimise their workflow in such a way that accountants can spend more time on the much more impactful and rewarding work of advising their customers, the business owners.The good news is were succeeding in doing exactly that. Every week, more than 15.000 financial service professionals use Silverfin to help and advise more than 400.000 businesses. Our customers adore us! The even better news is theres still plenty left to work on, and thats where we hope you come in.Since November 2023, we are proudly part of Visma - the European leader in mission-critical cloud software, enjoying the power of the Visma brand and resources whilst retaining business autonomy and go-to-market freedom.What does working at Silverfin look like?Our product teams are cross-functional teams, with engineering, product design, and product management represented. They work very close to the users, trying to understand their problems and then discovering and implementing solutions that add the most value. We believe in very close collaboration between the three perspectives as early in the process as possible. The product teams are supported by other teams that provide core services, maintain complicated subsystems, or possess specialised expertise.We're proud of our in-house AI team, which is focused on the application of the newest developments in machine learning to address our users' most important challenges. Were pretty far on that journey already, since we have multiple AI-powered features that are solving actual client problems and are commercially successful.Our CloudOps team ensures things run smoothly and will happily work with you when issues arise. Were enthusiastic followers of the DevOps mindset, which means ops and developers work together to solve problems and empower each other to be self-sufficient, instead of throwing problems over the wall to the other side.We run an up-to-date Rails monolith on the backend, with PostgreSQL and Redis for persistence and caching, and everything is running on a Kubernetes cluster in Google Cloud. Our daily tools include GitLab, Quip, and Slack, with Google Meet as our remote conferencing tool of choice.No code gets deployed without a review by a peer, and testing is a must. Our pipeline automates deployment when the suite is green, and deploys happen dozens of times a day. Each team is currently doing Kanban, but theyre free to follow whatever process suits them best. There are regular retros held to work towards continuous improvement.Software for accountants is not considered to be very exciting, but we have our fair share of technical challenges. To give you a sense of scale: in our biggest stack, our database exceeds 17TB*, and our largest table has crossed the 10 billion row mark a long while back. We run stacks on multiple continents, and we interface with more than 30 different external APIs and provide third parties with an API of our own.*: Our CloudOps team noted that this actually isnt that hard to achieve if youre just indexing everything, but it still sounds impressive, right?What makes the engineering team at Silverfin special?Were a remote-first engineering team of 40 people distributed in 14 different countries over two continents. A priority for us is maintaining proper work-life balance. We avoid meetings as much as possible, accept deadlines only when absolutely necessary, and never expect anyone to work longer hours than theyve signed up for. A day in our working lives is pretty boring, and we feel thats exactly how it should be.Working with us means you can be flexible with your schedule. Its OK to disappear for a few hours in the middle of the day to run some errands, get a haircut, pick up the kids - whatever reason, you dont need to explain yourself. You also fully decide when you take time off: our team is sufficiently varied and well organised that there are always enough people around to handle the load, and in the rare cases its not, we will decrease the load instead of asking people to move their holiday.Being remote-first means we favour asynchronous communication. We dont shy away from chatting in Slack, but the important decisions or discussions are done in Gitlab issues, over email, or in Quip, our central wiki, so theres a written, persisted record. Were mindful of maintaining long chunks of focused time, which means we avoid @-mentions or PMs on Slack, and other triggers and interrupts. We encourage using Slacks DnD function, especially when youre not working!Wed be really happy to welcome you in our #engineering channel, but its not just virtual: we make sure we regularly get to see each other in real life too. Twice a year we fly the whole engineering team to a different location in Europe, and at least once a year we join up with the rest of the company so we can spend some time together with the other departments.What does your future look like?Personal growth is key to staying motivated. As a manager in Silverfin you will participate in our initial Leadership Development Program and regular Leadership Days. Of course, your manager is there for mentoring and coaching you in your role as well. In addition to that, everybody gets a 1200 yearly budget to spend on conferences, courses, workshops, or other training to improve their skills and level up. This also includes accommodation and travel costs. If the conference is on a workday, youll get paid like any normal day.RequirementsYou have at least 2 years of experience leading a teamYou have recent experience as a Senior Software EngineerYou know or are interested in learning Ruby on RailsYour work hours have some overlap with EU business hours (we require your local timezone to be within CET +/- 3h)You can communicate clearly in English, both in writing and verballyNice to havesThese would be nice but are definitely not necessary. Dont worry if none of the following applies to you.Experience with Ruby on RailsExperience as a remote worker in a fully remote teamExperience working with large datasets and the problems they bringExperience in API design is a strong plusSome experience using Javascript framework(s)Experience in FintechAccounting knowledge Related Jobs See more Back-End Programming jobs

Time zones: ART (UTC -3), UTC -3, UTC -2, GMT (UTC +0), CET (UTC +1), EET (UTC +2), MSK (UTC +3), FKST (UTC -3), CEST (UTC +2), BST (UTC +1), CVT (UTC -1), WAT (UTC +1), SAST (UTC +2), EAT (UTC +3)We start with the cliff notes about the position. If this appeals to you, continue reading for a longer text about working at Silverfin and your role At Silverfin, we're an equal opportunity employer and value diversity at our company. Although we know were not perfect yet, we are working hard on it and always open for your feedback.According to our vision to build a diverse, equitable and inclusive organisation, our policy is to only make a final hiring decision if underrepresented groups are sufficiently represented in the list of candidates applying for the position. For this reason its possible interviews get slightly delayed until weve reached that goal.We're committed to elevating talent by creating an environment where we can all thrive together. So if you think you have what it takes, but don't necessarily check every single box, please consider applying. We'd love to hear how you might contribute to our mission and our team.What can we offer you?Actual, proper work-life balanceA salary range of 99.000 - 134.000 a yearFlexible working hours and work 100% remotelyPersonal growth training and opportunitiesJoin a distributed remote-first engineering team with 40 colleagues in 14 different countries on two continentsA refreshing work environment with professional, friendly and welcoming colleaguesA 1200 yearly budget for conferences, courses, workshops or other expenses that will improve your skillsTwo engineering retreats per year, somewhere in EuropeTen company-wide Wellbeing Days per year for all employees (once a month, except in July and August)What will you work on?Building and maintaining integrations with accountancy software packages and APIsImproving and expanding our on-premise Ruby CLI/service which runs on hundreds of our customers systemsWork on user facing functionalitiesHelp with discovery and delivery of a solution for user or business problemsWhat are we looking for?Youre experienced in both Ruby and Rails, and also understand where the boundaries lie between them. You can code in Ruby without any of Rails training wheels if necessary.You have some experience using Javascript framework(s), understand the value of them, but also know when plain Javascript is enough.You enjoy integrating with APIs and arent easily dissuaded when encountering unreliable or poorly documented systems.You code with reason and can justify the important decisions you made during development.You can communicate clearly in English, both in writing and verbally.Youre up for mentoring coworkers and can give in-depth, productive feedback during code reviews. While you appreciate the small stuff, you recognise bike-shedding and can avoid its pitfalls.You know and can apply best practices when relevant. That means the usual like version control, testing, and refactoring; but also higher level concepts such as good object oriented design.You're aware of the trade-offs involved in proper engineering and can make balanced business decisions, keeping in mind all the stakeholders of the project.Youve got opinions on code design and you can discuss them, but youre professional enough to not let those opinions get in the way of a consensus if necessary.If youre any good at Ruby, this is probably not the first job ad youve seen, so weve done our best to stand out while also accurately presenting what were all about. If it sounds like you would enjoy working with us, dont hesitate to apply or drop us a line with questions on [emailprotected], or read on for the more detailed explanation ..Whats a Silverfin?At Silverfin were trying to apply the promise of software to the age-old industry of accounting. With our SaaS were automating a large chunk of the busy-work that accountants are currently handling manually, and are building new tools so they can provide better services to their customers. We aim to optimise their workflow in such a way that accountants can spend more time on the much more impactful and rewarding work of advising their customers, the business owners.The good news is were succeeding in doing exactly that. Every week more than 15.000 financial service professionals use Silverfin to help and advise more than 400.000 businesses. Our customers adore us! The even better news is theres still plenty left to work on, and thats where we hope you come in.Since November 2023 we are proudly part of Visma - the European leader in mission-critical cloud software, enjoying the power of the Visma brand and resources whilst retaining business autonomy and go-to-market freedom.Whats Team Syncs?One of the cornerstones of the Silverfin platform is the integration with bookkeeping software that accountants already work with, which allows us to seamlessly import their accounting data. We currently have integrations with over 40 different vendors, and we want to add more as we expand to different markets.Team Syncs is the team responsible for creating, maintaining and improving these integrations. Some APIs we need to use are poorly designed, badly documented or unreliable, and it can be challenging to build a robust integration. Yet solving those puzzles, and empowering our customers by importing gigabytes of data from their clunky bookkeeping software, makes it all worth it. Because once the data is in Silverfin, it's connected, standardised and can be easily worked with, which is what it's all about. If you're a tinkerer, love working with APIs and thrive in the face of uncertainty, this might be for you.What are the things you'll be working on?Improve the stability, performance and infrastructure cost of dozens of our current 3rd party integrations, through usage of different distributed systems patternsPractise your modelling & refactoring skills. You'll have the opportunity to think about solutions that will be applied in over 40 of our integrationsHelp design & build the new generic API based on more than a decade of our experience with building custom solutions for bookkeeping softwareRare opportunity to work on a CLI/service application which is currently deployed on hundreds of our customers' serversWhat does working at Silverfin look like?There are seven engineering teams working together to deliver the best value for our customers. Several product teams, collaborating closely with product managers and product designers, are solving customer facing problems. The other, more platformy teams, own complex subsystems, like syncs or AI, and or support the product teams with knowledge, frameworks and services.Our ops team ensures things run smoothly, deploys happen correctly, and will work with you when issues should arise. Were enthusiastic followers of the devops mindset, which means ops and developers work together to solve problems, and empower each-other to be self-sufficient, instead of throwing problems over the wall to the other side.We run an up-to-date Rails monolith on the backend, with PostgreSQL and Redis for persistence and caching, and everything is running on a Kubernetes cluster in Google Cloud. Our daily tools include GitLab, Quip and Slack, with Google Meet as our remote conferencing tool of choice.No code gets deployed without a code-review by a peer and testing is a must. Our pipeline automates deployment when the suite is green, and deploys happen dozens of times a day. Each team is currently doing Kanban, but theyre free to follow whatever process suits them best. There are regular retros held to work towards continuous improvement.Software for accountants is not considered to be very exciting, but we have our fair share of technical challenges. To give you a sense of scale: our database exceeds 17TB*, and our largest table has crossed the 10 billion row mark a long while back. We interface with more than 40 different external APIs, and provide third parties an API of our own.*: Our ops team noted that this actually isnt that hard to achieve if youre just indexing everything, but it still sounds impressive, right?What makes the engineering team at Silverfin special?Were a remote-first engineering team of 40 people distributed in 14 different countries over two continents. A priority for us is maintaining proper work-life balance. We avoid meetings as much as possible, accept deadlines only when absolutely necessary, and never expect anyone to work longer hours than theyve signed up for. A day in our working lives is pretty boring, and we feel thats exactly how it should be.Working with us means you can be flexible with your schedule. Its OK to disappear for a few hours in the middle of the day to run some errands, get a haircut, pick up the kids - whatever reason, you dont need to explain yourself. You also fully decide when you take time off: our team is sufficiently varied and well organised that there are always enough people around to handle the load, and in the rare cases its not, we will decrease the load instead of asking people to move their holiday.Being remote-first means we favour asynchronous communication. We dont shy away from chatting in Slack, but the important decisions or discussions are done in Gitlab issues, over email, or in Quip, so theres a written, persisted record. Were mindful of maintaining long chunks of focussed time, which means we avoid @-mentions or PMs on Slack, and other triggers and interrupts. We encourage using Slacks DnD function, especially when youre not working!Wed be really happy to welcome you in our #engineering channel, but its not just virtual: we make sure we regularly get to see each other in real life too. Twice a year we fly the whole engineering team together to a different location in Europe, and at least once a year we join up with the rest of the company so we can spend some time together with the other departments.What does your future look like?Personal growth is key to staying motivated. At Silverfin you dont need to move to management in order to advance. We see the individual contributor track and the management track as two different growth paths which every engineer can follow and switch between. You can be promoted, including pay raises, as a contributor just like as a manager.Everyone has a 1200 yearly budget to spend on conferences, courses, workshops or other training to improve their skills and level up. This also includes accommodation, travel costs. If the conference is on a workday youll get paid like any normal day.RequirementsYou have at least 4 years of experience working with Ruby, or 2 years of experience with Ruby and 4 years in one or more other programming languagesYou get RailsYou have experience with designing or integrating with APIsYour work hours have some overlap with EU business hours (we require your local timezone to be within CET +/- 3h)You can communicate clearly in English, both written and verballyNice to havesThese would be nice but are definitely not necessary. Dont worry if none of the following applies to you.Experience as a remote worker in a fully remote teamExperience working with large datasets and the problems they bringYou have some experience using Javascript framework(s), understand the value of them, but also know when plain Javascript is enoughExperience in FintechAccounting knowledge