Feed aggregator

Despite being a major city, Philadelphia has fairly limited internet provider options. Here are CNET's picks of the best ISPs in the city to get the fastest speeds and best prices.

If you're living in Overland Park, check out the quick plans and great prices for home broadband that you can find around you.

Article URL: https://www.opensourceimaging.org/project/nmrduino/

Comments URL: https://news.ycombinator.com/item?id=42193213

Points: 1

# Comments: 0

Article URL: https://www.okoone.com/spark/product-design-research/webassemblys-wasmgc-paves-the-way-for-front-end-language-freedom/

Comments URL: https://news.ycombinator.com/item?id=42193183

Points: 1

# Comments: 0

Article URL: https://www.latex-project.org/news/2024/07/08/tagging/

Comments URL: https://news.ycombinator.com/item?id=42193181

Points: 1

# Comments: 0

Article URL: https://dbohdan.com/wavpack

Comments URL: https://news.ycombinator.com/item?id=42193170

Points: 1

# Comments: 0

Article URL: https://electrek.co/2024/11/19/nio-eyes-rapid-overseas-expansion-new-onvo-ev-boosts-sales/

Comments URL: https://news.ycombinator.com/item?id=42193135

Points: 1

# Comments: 0

Article URL: https://medium.com/@vutrinh274/automq-achieving-auto-partition-reassignment-in-kafka-without-cruise-control-c1547dae3e39

Comments URL: https://news.ycombinator.com/item?id=42193134

Points: 2

# Comments: 0

Are there any accounts on blue sky that you recommend?

I am looking for accounts that people with a "hacker" personality may like.

Any suggestions?

Comments URL: https://news.ycombinator.com/item?id=42193111

Points: 1

# Comments: 1

Article URL: https://www.youtube.com/watch?v=KUmkgReBiaE

Comments URL: https://news.ycombinator.com/item?id=42193095

Points: 1

# Comments: 1

From protective covers to VR mats, there are many accessories to pair with your Meta Quest 2. Here's our expert's pick of those worth considering.

The update brings Apple Intelligence features to some people and a few features and fixes to everyone.

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian.

The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024.

BianLian is likely based in Russia, with Russia-based affiliates, and has affected organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors, professional services, and property development.

CISA and partners encourage infrastructure organizations and small- to medium-sized organizations implement mitigations in this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents. These mitigations align with the Cross-Sector Cybersecurity Performance Goals developed by CISA and the National Institute of Standards and Technology.

This advisory is part of CISA’s ongoing #StopRansomware effort. 

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

• iOS 18.1.1 and iPadOS 18.1.1
• macOS Sequoia 15.1.1
• iOS 17.7.2 and iPadOS 17.7.2
• visionOS 2.1.1
• Safari 18.1.1

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services.

Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle.

Addressing these weaknesses is integral to CISA’s Secure by Design and Secure by Demand initiatives, which advocate for building and procuring secure technology solutions:

• Secure by Design: Encourages software manufacturers to implement security best practices throughout the design and development phases. By proactively addressing common weaknesses found in the CWE Top 25, manufacturers can deliver inherently secure products that reduce risk to end users. Learn more about Secure by Design here.
• Secure by Demand: Provides guidelines for organizations to drive security improvements when procuring software. Leveraging the CWE Top 25, customers can establish security expectations and ensure that their software vendors are committed to mitigating high-risk weaknesses from the outset. Explore how you can integrate Secure by Demand principles here.

Recommendations for Stakeholders:

• For Developers and Product Teams: Review the 2024 CWE Top 25 to identify high-priority weaknesses and adopt Secure by Design practices in your development processes.
• For Security Teams: Incorporate the CWE Top 25 into your vulnerability management and application security testing practices to assess and mitigate the most critical weaknesses.
• For Procurement and Risk Managers: Use the CWE Top 25 as a benchmark when evaluating vendors, and apply Secure by Demand guidelines to ensure that your organization is investing in secure products.

By following CISA’s initiatives, organizations can reduce vulnerabilities and strengthen application and infrastructure security. Incorporating the 2024 CWE Top 25 into cybersecurity and procurement strategies will enhance overall resilience.

For further details, refer to the full 2024 CWE Top 25 list here.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
• CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. 

USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. 

This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report. 

For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA. 

Vivint is now offering users the ability to get into the Thanksgiving spirit with unique doorbell sounds.

Mediacom's Xtream Internet may offer gigabit speeds and fast uploads for a cable provider, but it's not CNET's first choice among ISPs. Let's explore.