Jan 10, 2025The Hacker NewsNetwork Security / Policy ManagementNetwork segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints from legacy medical devices to IoT sensors onto their production networks. These devices often lack robust security hardening, creating significant vulnerabilities that traditional segmentation solutions struggle to address.Elisity aims to solve these challenges through an innovative approach that leverages existing network infrastructure while providing identity-based microsegmentation at the network edge. Rather than requiring new hardware, agents or complex network redesigns, Elisity customers run a few lightweight virtual connectors (called Elisity Virtual Edge) to enforce security policies through organizations' current switching infrastructure.In this hands-on review, we'll examine Elisity's technical capabilities and real-world applicability based on testing in a simulated healthcare environment that mirrors common enterprise deployment scenarios. To get a personalized demo, visit the Elisity website here.Identity-First ArchitectureAt the core of Elisity's platform is the Cloud Control Center, which provides centralized policy management and visibility. During testing, we saw how "Elisity's Virtual Edge" components can be deployed either directly on supported switches (Cisco Catalyst 9K series) or as VMs or containers in private clouds or on networks, they integrate with existing network switches including Cisco, Juniper and Arista. The test environment demonstrates that Elisity can manage segmentation at both a series of clinics that connect to the network with Cisco 9300 and 3850 switches, and hospital sites with a Cisco 9300 running the Elisity Virtual Edge on it.The Elisity IdentityGraph engine proves particularly impressive in practice. Beyond just discovering devices, it correlates identity data from multiple sources into what Elisity calls "core effective attributes" - a consolidated view of the most valid and trusted data about each asset. During testing, we saw it pull data simultaneously from Active Directory, ServiceNow, CrowdStrike and other sources, creating rich contextual profiles that inform policy decisions.Because Elistiy's Virtual Edge "connectors" are connected corporate networks they discover and sees more than just the device details, it also sends network flow data to Elisity's Cloud Control Center. This level of integration enables the platform to correlate "who is talking to who".Policy Creation and ManagementAll of this correlated meta data for users, workloads and devices becomes valuable with Elisity access policy capabilities. The policy interface uses an intuitive matrix visualization that clearly shows relationships between asset groups. A key feature demonstrated was the ability to classify assets dynamically based on multiple criteria. For example, we watched an unauthorized laptop get automatically reclassified into an authorized radiology group based on matching ServiceNow asset tags, device type, and CrowdStrike EDR status. The platform includes powerful features for policy refinement: Learning mode to understand actual traffic patterns Policy simulation before enforcement Traffic flow analytics overlaid on the policy matrix The ability to lock assets in specific groups (particularly valuable for OT environments)A particularly useful feature is the traffic flow analysis view, which overlays actual communication patterns on the policy matrix. This helps administrators identify unused paths that can be safely blocked and validate policy changes before enforcement.Healthcare Use Case Deep Dive To evaluate real-world applicability, we tested a common healthcare scenario: securing legacy medical devices running outdated operating systems. The platform automatically discovered our simulated medical equipment and provided granular visibility into their communication patterns. The demo showed how easily policies could be created for diverse medical equipment including X-ray machines, CT scanners, and EHR systems. A particularly valuable example demonstrated blocking specific ports (like SSH port 22) to legacy medical devices running outdated operating systems while maintaining necessary clinical access.Performance and ScaleTesting revealed minimal performance impact from Elisity's enforcement mechanisms. By leveraging switch ASICs for policy enforcement, the solution maintained sub-millisecond latency with no noticeable throughput reduction. The distributed architecture handled our test load efficiently, suggesting good scalability for enterprise deployments.The deployment process proved remarkably straightforward, taking under 30 minutes per site with no network downtime. This efficiency stems from Elisity's container-based approach and ability to work with existing infrastructure. Areas for Enhancement While Elisity delivers on its core promise, some areas could be improved. The wireless integration capabilities have recently been expanded to include Cisco Catalyst 9800 wireless controllers supporting inter and intra SSID segmentation or alternatively on the switch where the AP or Controller connects to the network which could be significant for healthcare environments with increasing wireless device adoption. Additionally, while the policy interface is intuitive, more predefined templates would help accelerate initial deployment.We also noted that some manual policy tuning was needed to optimize rules for specific use cases. While the platform provides good visibility for this tuning, additional automation could streamline this process. We do note that Elisity informed us that they are launching Elisity Intelligence in early 2025, which they say will provide a stronger automated policy recommendation engine.Public Case Study ExampleElisity shares that a leading U.S. health system with 800+ hospitals and healthcare clinics achieved remarkable efficiency gains and cost savings by implementing Elisity, reducing total costs from $38M to $9M - a 76% TCO reduction. The implementation required only 2 staff members per site instead of 14, with deployment taking just 4-10 hours per location while avoiding downtime and patient care disruption. Elisity's platform discovered and classified 99% of devices within 4 hours and eliminated the need for costly IoMT device re-IP processes, and provided automated, continuous device inventory updates to their CMDB with comprehensive network visibility across all locations. Read more on Elisity's successful deployments in healthcare, pharma and manufacturing on their website.ConclusionElisity successfully addresses the primary challenges of traditional microsegmentation approaches while providing a practical path to implementation. The solution's ability to leverage existing infrastructure while delivering identity-based controls makes it particularly valuable for organizations with diverse endpoint types and complex segmentation requirements. During testing, we were particularly impressed by Elisity's incident response capabilities. The platform allows organizations to maintain multiple policy sets - including pre-configured "locked down" policies that can be rapidly deployed via their SOAR playbooks or API integrations, if ransomware or other threats are detected. The platform's rapid deployment capabilities and minimal performance impact make it a compelling option for enterprises looking to improve their security posture without massive infrastructure investments. While some aspects like wireless integration could be enhanced, Elisity offers a pragmatic approach to implementing microsegmentation across the enterprise. For organizations struggling with traditional segmentation approaches, particularly those in healthcare and manufacturing sectors, Elisity provides a clear path forward that balances security requirements with operational realities. To learn more about Elisity IdentityGraph, visit the solution page here.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 10, 2025Ravie LakshmananCybersecurity / AndroidCybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution.The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14."Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory for the flaw released in December 2024 as part of its monthly security updates. "The patch adds proper input validation."Google Project Zero researcher Natalie Silvanovich, who discovered and reported the shortcoming, described it as requiring no user interaction to trigger (i.e., zero-click) and a "fun new attack surface" under specific conditions.Particularly, this works if Google Messages is configured for rich communication services (RCS), the default configuration on Galaxy S23 and S24 phones, as the transcription service locally decodes incoming audio before a user interacts with the message for transcription purposes."The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000," Silvanovich explained."While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write up to 3 * blocksperframe bytes out, if the bytes per sample of the input is 24. This means that an APE file with a large blocksperframe size can substantially overflow this buffer."In a hypothetical attack scenario, an attacker could send a specially crafted audio message via Google Messages to any target device that has RCS enabled, causing its media codec process ("samsung.software.media.c2") to crash.Samsung's December 2024 patch also addresses another high-severity vulnerability in SmartSwitch (CVE-2024-49413, CVSS score: 7.1) that could allow local attackers to install malicious applications by taking advantage of improper verification of cryptographic signature.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 10, 2025Ravie LakshmananCyber Espionage / Cyber AttackMongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024."The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an Association of Southeast Asian Nations (ASEAN) meeting," Recorded Future's Insikt Group said in a new analysis.It's believed that the threat actor compromised the Mongolian Ministry of Defense in August 2024 and the Communist Party of Vietnam in November 2024. It's also said to have targeted various victims in Malaysia, Japan, the United States, Ethiopia, Brazil, Australia, and India from September to December 2024.RedDelta, active since at least 2012, is the moniker assigned to a state-sponsored threat actor from China. It's also tracked by the cybersecurity community under the names BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, Mustang Panda (and its closely related Vertigo Panda), Red Lich, Stately Taurus, TA416, and Twill Typhoon.The hacking crew is known for continually refining its infection chain, with recent attacks weaponizing Visual Studio Code tunnels as part of espionage operations targeting government entities in Southeast Asia, a tactic that's increasingly being adopted by various China-linked espionage clusters such as Operation Digital Eye and MirrorFace.The intrusion set documented by Recorded Future entails the use of Windows Shortcut (LNK), Windows Installer (MSI), and Microsoft Management Console (MSC) files, likely distributed via spear-phishing, as the first-stage component to trigger the infection chain, ultimately leading to the deployment of PlugX using DLL side-loading techniques.Select campaigns orchestrated late last year have also relied on phishing emails containing a link to HTML files hosted on Microsoft Azure as a starting point to trigger the download of the MSC payload, which, in turn, drops an MSI installer responsible for loading PlugX using a legitimate executable that's vulnerable to DLL search order hijacking.In a further sign of an evolution of its tactics and stay ahead of security defenses, RedDelta has been observed using the Cloudflare content delivery network (CDN) to proxy command-and-control (C2) traffic to the attacker-operated C2 servers. This is done so in an attempt to blend in with legitimate CDN traffic and complicate detection efforts.Recorded Future said it identified 10 administrative servers communicating with two known RedDelta C2 servers. All the 10 IP addresses are registered to China Unicom Henan Province."RedDelta's activities align with Chinese strategic priorities, focusing on governments and diplomatic organizations in Southeast Asia, Mongolia, and Europe," the company said."The group's Asia-focused targeting in 2023 and 2024 represents a return to the group's historical focus after targeting European organizations in 2022. RedDelta's targeting of Mongolia and Taiwan is consistent with the group's past targeting of groups seen as threats to the Chinese Communist Party's power."The development comes amid a report from Bloomberg that the recent cyber attack targeting the U.S. Treasury Department was perpetrated by a fellow hacking group known as Silk Typhoon (aka Hafnium), which was previously attributed to the zero-day exploitation of four security flaws in Microsoft Exchange Server (aka ProxyLogon) in early 2021.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Serhii Mohylevskyi, QA Practice Leader, NIXJanuary 10, 20254 Min Readsyahrir maulana via Alamy StockArtificial intelligence is already a big deal, but not everyone is using it effectively. Many clients ask us how weve integrated AI into our QA process, but creating a real, usable approach wasnt as easy as it seemed. Today, I want to share how we approached AI in quality assurance and the lessons we learned along the way.The AI Hype and RealityTwo years ago, ChatGPT exploded onto the scene. People rushed to learn about generative AI, large language models and machine learning. Initially, the focus was on AI replacing jobs, but over time, these discussions faded, leaving behind a flood of AI-powered products claiming breakthroughs across every industry.For software development, the main questions were:How can AI benefit our daily processes?Will AI replace QA engineers?What new opportunities can AI bring?Starting the AI InvestigationAt our company, we received an inquiry from sales asking about AI tools we were using. Our response? Well, we were using ChatGPT and GitHub Copilot in some cases, but nothing specifically for QA. So, we set out to explore how AI could genuinely enhance our QA practices.What we found was that AI could increase productivity, save time, and provide additional quality gates, if implemented correctly. We were eager to explore these benefits.Related:Categorizing the AI ToolsOver the next few months, we analyzed numerous AI tools, categorizing them into three main groups:Existing tools with AI features: Many products had added AI features just to ride the hype wave. While some were good, the AI was often just a marketing gimmick, providing basic functionality like test data generation or spell-checking.AI-based products from scratch: These products aimed to be more intelligent but were often rough around the edges. Their user interfaces were lacking, and many ideas didn't work as expected. However, we saw potential for the future.False advertising: These were products promising flawless bug-free applications, usually requiring credit card information upfront. We quickly ignored these as obvious scams.What We LearnedDespite our thorough search, we didnt find any AI tools ready for large-scale commercial use in QA. Some tools had promising features, like auto-generating tests or recommending test plans, but they were either incomplete or posed security risks by requiring excessive access to source code.Yet, we identified realistic uses of AI. By focusing on general-use AI models like ChatGPT and GitHub Copilot, we realized that while QA-specific tools werent quite there yet, we could still leverage AI in our process. To make the most of it, we surveyed our 400 QA engineers about their use of AI in their daily work.Related:About half were already using AI, primarily for:Assisting with test automationGenerating test dataProofreading documentsAutomating routine tasksDeveloping a New ApproachWe then created an in-house course on generative AI tailored for QA engineers. This empowered them to use AI for tasks like test case generation, documentation, and automating repetitive tasks. As engineers learned, they discovered even more ways to optimize workflows with AI.How profitable is it? Our measurements showed that AI reduced the time spent on test case generation and documentation by 20%. For coding engineers, AI-enabled them to generate multiple test frameworks in a fraction of the time it wouldve taken manually, speeding up the process. Tasks that used to take weeks could now be done in a day.The DownsidesDespite its benefits, AI isnt perfect. It isnt smart enough to replace jobs, especially for junior engineers. AI may generate test cases, but it often overlooks important checks, or it suggests irrelevant ones. It requires constant oversight and fact-checking.Related:Why Many Companies Get It WrongThe biggest mistake companies make is jumping into AI without understanding its limitations. Many fall for the hype and end up using AI tools that dont work well, only to face frustration. The truth is that AI is a valuable assistive tool, but it needs to be used thoughtfully and alongside human oversight.Key takeaways from our journey with AI in QA:AI is not a magic bullet. It provides incremental improvements but wont radically transform your processes overnight.Implementing AI takes effort. It needs to be tailored to your needs, and blindly following trends wont get you far.AI can assist, but it cant replace human oversight. Its ineffective for junior engineers who may not be able to discern when AI is wrong.Dedicated AI testing tools still need improvement. The market isnt yet ready for specialized AI tools in QA that offer real value.AI is exciting and transforming many industries, but in QA, it remains an assistive tool rather than a game-changer. We at NIX are embracing it, but we're not throwing out the rulebook just yet.About the AuthorSerhii MohylevskyiQA Practice Leader, NIXSerhii Mohylevskyi is a QA Practice Leader at NIX, bringing over 10 years of experience in manual, automated, and performance testing. He focuses on integrating new technologies into QA processes.See more from Serhii MohylevskyiNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Every network leader seeks fast and reliable performance. Network metrics provide the insights necessary to achieve those goals.

We are in need of a Virtual Assistant to that will manage customer inquiries, assist with sales and inventory management, and handle administrative tasks to ensure smooth operations. Your focus will be on enhancing customer experience, generating leads, and improving back-office efficiency.Key Responsibilities:Customer Support: Respond to inquiries, schedule test drives, and provide vehicle information.Lead Generation & Follow-Up: Manage leads, follow up with prospects, and send personalized communications.Sales & Promotions: Assist with promotional content and monitor campaign success.Inventory Management: Track vehicle inventory, update systems, and coordinate restocking.Appointment Management: Organize test drives, sales meetings, and service appointments.Document Management: Process sales contracts, insurance, and registration paperwork.CRM Management: Update customer information and track feedback in CRM systems.Data Entry & Reporting: Generate reports on sales performance and customer engagement.After-Sales Support: Ensure customer satisfaction and coordinate maintenance scheduling.Administrative Support: Handle phone calls, emails, and office tasks.Required Skills:Proven experience as a Virtual Assistant or similar role.Strong communication skills (phone, email, chat).Familiarity with CRM systems (Salesforce, HubSpot).Proficient in Microsoft Office and Google Workspace.Strong organizational and time-management skills.This position is remote, offering flexibility to work alongside our sales, marketing, and management teams to drive success. Related Jobs See more Customer Support jobs

This article first appeared in The Checkup,MIT Technology Reviewsweekly biotech newsletter. To receive it in your inbox every Thursday, and read articles like this first,sign up here. This week marks a strange anniversaryits five years since most of us first heard about a virus causing a mysterious pneumonia. A virus that we later learned could cause a disease called covid-19. A virus that swept the globe and has since been reported to have been responsible for over 7 million deathsand counting. I first covered the virus in an article published on January 7, 2020, which had the headline Doctors scramble to identify mysterious illness emerging in China. For that article, and many others that followed it, I spoke to people who were experts on viruses, infectious disease, and epidemiology. Frequently, their answers to my questions about the virus, how it might spread, and the risks of a pandemic were the same: We dont know. We are facing the same uncertainty now with H5N1, the virus commonly known as bird flu. This virus has been decimating bird populations for years, and now a variant is rapidly spreading among dairy cattle in the US. We know it can cause severe disease in animals, and we know it can pass from animals to people who are in close contact with them. As of this Monday this week, we also know that it can cause severe disease in peoplea 65-year-old man in Louisiana became the first person in the US to die from an H5N1 infection. Scientists are increasingly concerned about a potential bird flu pandemic. The question is, given all the enduring uncertainty around the virus, what should we be doing now to prepare for the possibility? Can stockpiled vaccines save us? And, importantly, have we learned any lessons from a covid pandemic that still hasnt entirely fizzled out? Part of the challenge here is that it is impossible to predict how H5N1 will evolve. A variant of the virus caused disease in people in 1997, when there was a small but deadly outbreak in Hong Kong. Eighteen people had confirmed diagnoses, and six of them died. Since then, there have been sporadic cases around the worldbut no large outbreaks. As far as H5N1 is concerned, weve been relatively lucky, says Ali Khan, dean of the college of public health at the University of Nebraska. Influenza presents the greatest infectious-disease pandemic threat to humans, period, says Khan. The 1918 flu pandemic was caused by a type of influenza virus called H1N1 that appears to have jumped from birds to people. It is thought to have infected a third of the worlds population, and to have been responsible for around 50 million deaths. Another H1N1 virus was responsible for the 2009 swine flu pandemic. That virus hit younger people hardest, as they were less likely to have been exposed to similar variants and thus had much less immunity. It was responsible for somewhere between 151,700 and 575,400 deaths that year. To cause a pandemic, the H5N1 variants currently circulating in birds and dairy cattle in the US would need to undergo genetic changes that allow them to spread more easily from animals to people, spread more easily between people, and become more deadly in people. Unfortunately, we know from experience that viruses need only a few such changes to become more easily transmissible. And with each and every infection, the risk that a virus will acquire these dangerous genetic changes increases. Once a virus infects a host, it can evolve and swap chunks of genetic code with any other viruses that might also be infecting that host, whether its a bird, a pig, a cow, or a person. Its a big gambling game, says Marion Koopmans, a virologist at the Erasmus University Medical Center in Rotterdam, the Netherlands. And the gambling is going on at too large a scale for comfort. There are ways to improve our odds. For the best chance at preventing another pandemic, we need to get a handle on, and limit, the spread of the virus. Here, the US could have done a better job at limiting the spread in dairy cows, says Khan. It should have been found a lot earlier, he says. There should have been more aggressive measures to prevent transmission, to recognize what disease looks like within our communities, and to protect workers. States could also have done better at testing farm workers for infection, says Koopmans. Im surprised that I havent heard of an effort to eradicate it from cattle, she adds. A country like the US should be able to do that. The good news is that there are already systems in place for tracking the general spread of flu in people. The World Health Organizations Global Influenza Surveillance and Response System collects and analyzes samples of viruses collected from countries around the world. It allows the organization to make recommendations about seasonal flu vaccines and also helps scientists track the spread of various flu variants. Thats something we didnt have for the covid-19 virus when it first took off. We are also better placed to make vaccines. Some countries, including the US, are already stockpiling vaccines that should be at least somewhat effective against H5N1 (although it is difficult to predict exactly how effective they will be against some future variant). The US Administration for Strategic Preparedness and Response plans to have up to 10 million doses of prefilled syringes and multidose vials prepared by the end of March, according to an email from a representative. The US Department of Health and Human Services has also said it will provide the pharmaceutical company Moderna with $176 million to create mRNA vaccines for pandemic influenzausing the same quick-turnaround vaccine production technology used in the companys covid-19 vaccines. Some question whether these vaccines should have already been offered to dairy farm workers in affected parts of the US. Many of these individuals have been exposed to the virus, a good chunk of them appear to have been infected with it, and some of them have become ill. If the decision had been up to Khan, he says, they would have been offered the H5N1 vaccine by now. And we should ensure they are offered seasonal flu vaccines in order to limit the risk that the two flu viruses will mingle inside one person, he adds. Others worry that 10 million vaccine doses arent enough for a country with a population of around 341 million. But health agencies walk a razor-thin line between having too much vaccine for something and not having enough, says Khan. If an outbreak never transpires, 340 million doses of vaccine will feel like an enormous waste of resources. We cant predict how well these viruses will work, either. Flu viruses mutate all the time, and even seasonal flu vaccines are notoriously unpredictable in their efficacy. I think weve become a little bit spoiled with the covid vaccines, says Koopmans. We were really, really lucky [to develop] vaccines with high efficacy. One vaccine lesson we should have learned from the covid-19 pandemic is the importance of equitable access to vaccines around the world. Unfortunately, its unlikely that we have. It is doubtful that low-income countries will have early access to [a pandemic influenza] vaccine unless the world takes action, Nicole Lurie of the Coalition for Epidemic Preparedness Innovations (CEPI) said in a recent interview for Gavi, a public-private alliance for vaccine equity. And another is the impact of vaccine hesitancy. Making vaccines might not be a problembut convincing people to take them might be, says Khan. We have an incoming administration that has lots of vaccine hesitancy, he points out. So while we may end up having vaccines available, its not very clear to me if we have the political and social will to actually implement good public health measures. This is another outcome that is impossible to predict, and I wont attempt to do so. But I am hoping that the relevant administrations will step up our defenses. And that this will be enough to prevent another devastating pandemic. Now read the rest of The Checkup Read more from MIT Technology Review's archive Bird flu has been circulating in US dairy cows for months. Virologists are worried it could stick around on US farms forever. As the virus continues to spread, the risk of a pandemic continues to rise. We still dont really know how the virus is spreading, but we do know that it is turning up in raw milk. (Please dont drink raw milk.) mRNA vaccines helped us through the covid-19 pandemic. Now scientists are working on mRNA flu vaccinesincluding universal vaccines that could protect against multiple flu viruses. The next generation of mRNA vaccines is on the way. These vaccines are self-amplifying and essentially tell the body how to make more mRNA. Maybe theres an alternative to dairy farms of the type that are seeing H5N1 in their cattle. Scientists are engineering yeasts and plants with bovine genes so they can produce proteins normally found in milk, which can be used to make spreadable cheeses and ice cream. The cofounder of one company says a factory of bubbling yeast vats could replace 50,000 to 100,000 cows. From around the web Bird flu has been circulating in US dairy cows for months. Virologists are worried it could stick around on US farms forever. As the virus continues to spread, the risk of a pandemic continues to rise. We still dont really know how the virus is spreading, but we do know that it is turning up in raw milk. (Please dont drink raw milk.) mRNA vaccines helped us through the covid-19 pandemic. Now scientists are working on mRNA flu vaccinesincluding universal vaccines that could protect against multiple flu viruses. The next generation of mRNA vaccines is on the way. These vaccines are self-amplifying and essentially tell the body how to make more mRNA. Maybe theres an alternative to dairy farms of the type that are seeing H5N1 in their cattle. Scientists are engineering yeasts and plants with bovine genes so they can produce proteins normally found in milk, which can be used to make spreadable cheeses and ice cream. The cofounder of one company says a factory of bubbling yeast vats could replace 50,000 to 100,000 cows.

EPR Architects body of work was shortlisted for last yearsAYAs, as the practice was named a finalist for two awards, includingRefurbishment and Reinvention Architect of the Year.In this series,we take a look at one of the teams entry projects and ask the firms board director, Geoff Hull, to break down some of the biggest specification challenges that needed to be overcome.What were the key requirements of the clients brief? How did you meet these both through design and specification?EPR Architects was first approached by our client, the Hinduja Group, in 2015. The overarching brief was to repurpose Britains iconic, grade II-listed Old War Office Building (OWO) from a fortress into a memorable, world-class destination. Luxury operator Raffles was an appropriate choice for the hotel and branded residences, as they embraced the history and culture of the existing building and its context.We began by studying the original architects designs, including the geometry and proportions of the facade and roofscape. We established the multiple protected viewpoints around the site, exploring opportunities to alter plans below and above ground whilst respecting the existing cellular masonry loadbearing form.Alongside a talented team of designers and specialist contractors, we incorporated an extensive array of exciting new interventions, including a combination of one-, two- and three-storey roof extensions, where traditional materials such as Portland stone, slate roofing and timber casement windows were selected to blend the old and new seamlessly. Each new additional storey sets back from the existing, with parapets to ensure that the proportion and scale seen at street level are not affected, whilst six new basement levels allow for a four-storey spa and a new grand ballroom.The overarching brief was to repurpose Britains iconic, grade II-listed Old War Office Building from a fortress into a memorable, world-class destinationWhat were the biggest specification challenges on the project, and how were they overcome?Projects of this scale and complexity, particularly when dealing with a listed building, present unique and multifaceted challenges, but the rewards are unparalleled.The projects transformation into a luxury destination required us to navigate various key challenges, including structural, fire safety, water ingress, acoustics and thermal performance. These challenges arose from the buildings original design as a purpose-built government office (designed to keep people out) and the heightened demands of converting it into a modern luxury hotel and residences.From the surface, the Old War Office was perfectly preserved. However, for The OWO to stand confidently amongst the competitive hotel market, EPR needed to replan, restructure and reconfigure the existing buildings layout. Logistical planning for this central London site was equally critical, including temporary works such as the partial removal of the listed facade to allow for site traffic and the excavation of approximately 65,000 cubic meters of soil.It was the ultimate schoolboy dream to be involved in designing and creating something so iconicWhat are the three biggest specification considerations for the project type? How did these specifically apply to your project?The three largest specification considerations for the project were fire protection, water ingress and the replication of existing materials.Fire safety and the introduction of a life safety network, including a fully operational sprinkler system and compartmentation, had to be carefully integrated into the existing fabric to respect its listed status. This required a thoughtful and respectful approach to ensure the new safety features were sympathetically incorporated into the historic elements of the building.A series of mitigation measures needed to be implemented to address water ingress in the basement. These included upgrading the existing moat, replacing non-return valves and water motors, installing flood doors and incorporating a cavity drain system to protect the space from incoming water.The project also involved the replication of existing materials to maintain the buildings historic character. This included sensitively preserving or recreating decorative elements such as cornice work, marble stair balustrades, timber panelling and mosaic flooring, ensuring the new additions blended harmoniously with the original features.Do you have a favourite product or material that was specified on the project?I think the Aston Martin artwork displayed within the Spy Bar has to be my favourite! For me, it was the ultimate schoolboy dream to be involved in designing and creating something so iconic and something one would typically only see in a James Bond movie.The three largest specification considerations for the project were fire protection, water ingress and the replication of existing materialsAre there any suppliers you collaborated with on the project that contributed significantly? And what was the most valuable service that they offered?Ardmore, the main contractor, took a highly proactive approach in sourcing the right expertise for each specialised, bespoke trade required for the project. This included a wide range of complimentary and matching stone elements, hand-carved timber fireplaces, secondary glazing and comprehensive restoration efforts.Skilled artisans were brought in to handle ornate cornice work, custom doorsets, lighting and detailed timber panelling, among many other trades. Their collaborative efforts played a key role in the successful repositioning and transformation of the building, ensuring that each detail contributed to the overall vision of the restoration.What did you think was the biggest success on the project?The response to the opening and operation of The OWO has been nothing short of overwhelming. As architects, our involvement of almost a decade has certainly come with its fair share of challenges, but the immense sense of pride and emotional reward has been exceptional. Its fantastic to see people finally enjoying the building and all the incredible facilities it now has to offer.As advocates for retrofit and reuse, were proud to breathe new life into characterful, neglected or underutilised historic buildings, and we hope this new addition to Londons luxury market leaves a lasting impression on all who choose to visit, whether they come to stay, dine, or make it their home.1/9show captionProject detailsArchitect and lead designerEPR ArchitectsDeveloper and investor Whitehall Residences LtdMain contractors Keltbray (soft strip), Toureen (demo, substructure and superstructure) and Ardmore (envelope and fit-out)Structural engineer Elliott WoodServices engineer AecomInterior designer The Office of Thierry Despont (hotel),1508 (residential),Goddard Littlefair (spa),Winch (penthouse apartment)Pavilion design Dae Wha Kang DesignDevelopment manager Westminster Development ServicesQuantity surveyor Gardiner & TheobaldPlanning consultant Gerald EveHistoric advisors Donald InsallFire engineer Jensen HughesApproved inspector Bureau VeritasSpecialist lighting dpaLighting consultants ProjectMarketing and PR Graf LondonOur What made this project series highlights the outstanding work of our Architect of the Year finalists.To keep up-to-date with all the latest from the Architect of the Year Awards visithere.

Just 2,260 sites were approved between July and September (Q3) last year, marking the lowest quarterly total since HBF reporting began in 2006.A rolling annual total of 10,180 sites approved also represented a record low, according to the HBF.The trade association, which published the Glenigan-gathered data in a housing pipeline report this week, says the all-time low in Q3 of 2024 was symptomatic of a continued downward trend in planning approvals, which fell 10 per cent between the second and third quarters of the year.AdvertisementAlthough there was a slight increase in the number of actual housing units approved in Q3 compared with Q2 creeping up by 2 per cent to 57,356 the total was still 40 per cent lower than the highest-ever peak.The decline was most pronounced in the North East, Yorkshire & the Humber and the West Midlands, with housing planning approvals plummeting by 61 per cent, 49 per cent, and 55 per cent respectively.London and a handful of other regions saw slight increases, but approvals remained far below historic levels, according to the HBF.Based on the data, approvals would need to increase by more than 150 per cent in order for the government to meet its annual housebuilding target of 370,000 homes, the organisation has said.Separate BBC analysis published yesterday (9 January) found that some local authorities in England would need to see at least a five-fold increase in new housing in order to meet their government targets.AdvertisementAcross England, 16 local authorities have been set targets that are 400 per cent or more of what they have recently delivered, according to the BBC.Responding to the stark statistics, the HBF has declared an urgent need for targeted interventions to address the decline in planning approvals. It describes government changes to the NPPF as encouraging but says swift action is now needed to streamline the planning process, tackle regional imbalances, and ensure the necessary infrastructure for new developments.HBF chief executive Neil Jefferson described the continued decline in housing planning approvals as deeply concerning.He said the significant regional discrepancies highlight the need for targeted interventions that not only speed up planning processes but also provide clear support for both developers and homebuyers.Jefferson added: The lack of affordable housing is impacting communities across the country and, without a stable demand for new homes, the industry lacks the confidence to invest in building the homes that are desperately needed.Despite the record-low approval rates, there was a slight uptick in on-site construction starts in the final quarter of 2024 (Q4), according to separately -published Glenigan data.Residential construction starts increased by 7 per cent between October and December, compared with the preceding three months, according to Glenigans January 2025 construction index although this was still 3 per cent lower than 2023 figures.On-site starts on social housing performed poorly on both counts, falling 1 per cent between Q3 and Q4, and plummeting by 17 per cent compared to the final quarter of 2023.2025-01-10Anna Highfieldcomment and share

Refinance rates were mixed, but one key rate climbed higher.