Authors/Presenters: Jiwon Kim, Benjamin E. Ujcich, Dave (Jing) Tian
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenter content, and for the organization's strong commitment to Open Access.
The talk was recorded at the conference’s events at the Anaheim Marriott and is available via the organization's YouTube channel.
Senior adviser who worked for Tony Blair and Gordon Brown says there is an ‘urgent imperative’ for a new government to address wealth inequality in Britain
A key New Labour adviser who worked for Tony Blair and Gordon Brown in Downing Street says there is an “overwhelming economic and ethical case” for Keir Starmer’s party to impose higher taxes on wealth if it wins the general election.
Writing in the Observer, Patrick Diamond, professor of public policy at Queen Mary University of London, and his colleague Colm Murphy, a lecturer in British politics, say a Labour government will need to look at radical ways to raise money, not least because the plans for higher economic growth that the party is relying on may never materialise.
The Brown-era adage ‘Prudence with a purpose’ could be the way to obtain the economic stability that has eluded every UK government since the 2008 financial crisis
Keir Starmer appears destined for Downing Street. Even so, as the election campaign rumbles on, his party will be challenged to articulate a compelling platform that secures not only the keys to Number 10 but also the economic stability that has eluded every UK government since the 2008 financial crisis. That will demand fiscal discipline delivered not only through a prudent approach to public spending but also fundamental reform of our tax system.
In headline policy, Labour is committed to fiscal rules on spending and debt. Rachel Reeves promises to move towards balanced current spending and to secure a falling debt-to-GDP ratio by the fifth year of the forecast. As her speech on Tuesday argues, Labour believes such rules will underpin “stability” and “growth”.
On Friday night the dearMoon project—a plan to launch a Japanese billionaire and 10 other 'crew members' on a circumlunar flight aboard SpaceX's Starship vehicle—was abruptly canceled.
"It is unfortunate to be announcing that 'dearMoon', the first private circumlunar flight project, will be cancelled," the mission's official account on the social media site X said. "We thank everyone who has supported us and apologize to those who have looked forward to this project."
Shortly afterward the financial backer of the project and its 'crew leader,' Yusaku Maezawa, explained this decision on X. When Maezawa agreed to the mission in 2018, he said, the assumption was that the dearMoon mission would launch by the end of 2023.
Wedding of Hugh Grosvenor, godfather to the princes’ sons, is ‘society wedding of the year’. Yet why will Harry not attend?
When Hugh Grosvenor, the seventh Duke of Westminster, marries at Chester Cathedral next week the 33-year-old will relinquish the status bestowed on him by society bibles of Britain’s “richest, most eligible bachelor”.
It is not just his £10bn inherited wealth and pole position in the Sunday Times list of 40 richest people under 40 in the UK that means his marriage to Olivia Henson, 31, is being billed as the society wedding of the year.
As DDoS attackers become more sophisticated and the attack surface grows exponentially, businesses must expand beyond an ideology of prevention to include a focus on early detection and response.
Senator Ron Wyden wants the FTC and SEC to investigate the ransomware attack on UnitedHealth's Change subsidiary to see if there was criminal negligence by the CEO or board.
Authors/Presenters: Alex Luoyuan Xiong, Binyi Chen, Zhenfei Zhang, Benedikt Bünz, Ben Fisch, Fernando Krell, Philippe Camacho
Carrier has issued a serious product security advisory confirming the existence of several vulnerabilities in its LenelS2 NetBox access control and event monitoring platform. These vulnerabilities expose the monitoring system to potential compromise, such as remote code execution.
The reported vulnerabilities are significant, as NetBox is often used to guard entries at critical facilities such as government-controlled sites and major corporations.
Multiple Vulnerabilities in Carrier's LenelS2 NetBox
Three vulnerabilities were identified in Carrier's product security advisory for NetBox. The most critical of them (CVE-2024-2420) could enable an attacker to bypass authentication and obtain elevated permissions, presenting a serious risk to enterprises that deploy the tool.
Image source: Carrier Product Security Advisory
Successful compromise could allow an attacker to install programs; view, edit, or delete data on the platform; or create new user accounts with full privileges. The impact, however, depends on the privileges of the account compromised in an attack: it could be lower on systems configured with low levels of user access.
The vulnerabilities affect all LenelS2 NetBox versions prior to 5.6.2. The identified vulnerabilities are as follows:
CVE-2024-2420 (CVSS v3.1 Base Score 9.8, Critical): A vulnerability involving a hard-coded password in the system that could permit an attacker to bypass authentication requirements.
CVE-2024-2421 (CVSS v3.1 Base Score 9.1, Critical): An unauthenticated remote code execution vulnerability that could permit an attacker with elevated permissions to run malicious commands.
CVE-2024-2422 (CVSS v3.1 Base Score 8.8, High): An authenticated remote code execution vulnerability that could permit an attacker to execute malicious commands.
The Center for Internet Security stated that these vulnerabilities pose higher risks to large and medium government or business entities, and lower risks to small businesses and home users.
Image source: cisecurity.org
Vulnerability Remediation
Carrier has attempted to address these vulnerabilities in its latest release, NetBox version 5.6.2, and has advised customers to upgrade to it immediately by contacting their authorized NetBox installer.
As mitigation, Carrier also advised customers to follow the recommended deployment guidelines, which are detailed in its NetBox hardening guide accessible through NetBox's built-in help menu.
The Center for Internet Security has advised customers to take additional measures, such as applying appropriate updates to NetBox systems, applying the principle of least privilege to user accounts, rigorous vulnerability scanning, and isolating critical systems, functions, or resources.
The lack of basic security safeguards along with poor code practices such as the presence of hard-coded authentication tokens and improper input sanitization raises concerns about the usage of NetBox to guard physical access to important business and government areas or critical infrastructure.
While there are no confirmed reports of the NetBox vulnerabilities being exploited in the wild, their severity marks them as an important security consideration, as countless organizations could be at risk of devastating attacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild.
The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their privileges. It’s the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code execution or privilege escalation.
The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in nf_tables, a kernel component of the Netfilter framework, which in turn facilitates a variety of network operations, including packet filtering, network address (and port) translation (NA[P]T), packet logging, userspace packet queueing, and other packet mangling. It was patched in January, but as the CISA advisory indicates, some production systems have yet to install the fix. At the time this Ars post went live, there were no known details about the active exploitation.
Everyone needs a little pick-me-up to get through a long day now and then. If your go-to self-care "treats" aren't quite cutting it anymore—maybe your regular Thursday afternoon donut is no longer hitting like it used to—consider adding porn dosing into your routine.
Similar to micro-dosing, the practice of taking a small amount of a psychedelic drug like cannabis or psilocybin to boost your mood and creativity, porn dosing involves watching or listening to porn or reading erotica in short bursts throughout the week for a small pleasure boost.
According to Jaimee Bell, sex expert and producer at erotic audio platform Bloom Stories, the trend is being fueled by TikTok's "spicy audio" movement, where users of that platform are listening to short, erotic audio clips while grocery shopping, working out, commuting, and even at work.
"Listening to spicy content can be an amazing way to boost your mood [and] relax, and can give you ideas and get you in the mood for intimacy, even during a busy week," Bell says. In a recent survey carried out by Bloom Stories, 98% of the platform's users said listening to audio erotica boosted their sense of wellbeing, and 92% of users found that it was good for their intimate relationships too.
If you're curious about how to add porn dosing to your day, here's what you need to know.
Why you should add porn dosing into your day
Porn dosing can take different forms, says Bell, depending on your preferred type of erotic content. Some people might choose to watch short clips of porn videos in those moments they might otherwise take a break by scrolling social media. Others might listen to a short erotic audio story or passages from a smutty audiobook on their way home from work, or check out OnlyFans on their lunch break (while away from their work desk, obviously) for some added spice.
Bell does stress the importance of watching and listening to ethically produced adult content, so you can feel good about what you're consuming.
The benefits of porn dosing
The goal isn't to reach orgasm every time you porn dose, Bell says, but to build up a sense of anticipation that can lead to an amazing orgasm later, when you are eventually in a position to release that tension. "The benefits of orgasm are well documented: Our brains release oxytocin and endorphins, which can reduce stress, improve focus and help us sleep better," she says.
Similarly, award-winning erotic filmmaker Erika Lust says porn dosing can boost serotonin in the same way as listening to a song you love. "Serotonin encourages better moods, sleep, digestion and of course, sexual desire, so it may make you more productive to watch short snippets of porn throughout the week."
Lust says that porn dosing can also benefit people who don’t know what type of porn they enjoy. By experimenting with different varieties and formats, by listening, reading, or watching, you can see which gets you the most excited.
Also, Bell adds, porn dosing can "be just one part of a healthy sex life, [helping you to] feel sexually empowered, aroused, and excited to try new things with your partner(s). Research has repeatedly associated a healthy sex life with improved cognitive function and mood."
So in addition to experimenting with sex toys and role-playing, for example, you might want to include porn dosing as part of your sexual repertoire.
How to fit porn dosing into your routine
First, says Bell, it's important to find a format you like. "Do you prefer reading, watching or listening to erotic content? Audio can be a great format, as it’s subtle, and something you can easily consume on the move [via] headphones," she says. "But experiment and find what you like best."
Bell also suggests setting a habit. "For example, listening to something spicy on your homeward commute could help get you in the mood for intimacy with your partner when you get home," she says. "Or you might find a spicy erotica break at lunchtime energizes you for an afternoon at your desk."
Most of all, porn dosing should be fun. "Don’t put yourself under pressure [to the point] that it feels like a chore," Bell says. "Do what feels good and right for you."
The potential drawbacks of porn dosing
It must be said that obeying the NSFW rules of your workplace is crucial. Getting caught will be embarrassing at best, and could cost you your job at worst. That's not the relaxing vibe of porn dosing you're looking for. You also want to be safe while consuming content, advises Lust, which means not listening to or watching erotic content if you're likely to become dangerously distracted while doing so.
Turning porn dosing into a habit might sound like a "gateway drug" to a porn addiction, but Lust notes that such an affliction is better thought of as "more of a symptom of deeper psychiatric issues or relational conflicts...than [a problem] with the porn consumption itself." However, she stresses, "a healthier way to watch pornography is to choose porn that aligns with your values and that portrays credible stories, and the same is true when you enjoy porn in smaller, bite-sized doses."
As with anything pleasurable, it's important to use erotic content in moderation and notice if your watching or listening habits are having a negative impact on your wellbeing or relationships. "If this is the case, seek the support of a professional who can help you talk this through," Bell advises.
Signs that perhaps you are overindulging, says Lust, could be that you find you have trouble keeping your consumption limited to those bite-sized sessions, or in ways and at times that make you feel out of control. "My advice would be to try to be mindful of your decisions, the same as you would with the food you consume," she adds. "As long as we are mindful about the decisions we make when consuming any kind of product, [that] lessens the risk of becoming obsessed [with] or addicted to it."
In “Living off the Land attacks,” adversaries use USB devices to infiltrate industrial control systems. Cyberthreats from silent residency attacks put critical infrastructure facilities at risk.
Welcome to Edition 6.46 of the Rocket Report! It looks like we will be covering the crew test flight of Boeing's Starliner spacecraft and the fourth test flight of SpaceX's giant Starship rocket over the next week. All of this is happening as SpaceX keeps up its cadence of flying multiple Starlink missions per week. The real stars are the Ars copy editors helping make sure our stories don't use the wrong names.
As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.
Another North Korean launch failure. North Korea's latest attempt to launch a rocket with a military reconnaissance satellite ended in failure due to the midair explosion of the rocket during the first-stage flight this week, South Korea's Yonhap News Agency reports. Video captured by the Japanese news organization NHK appears to show the North Korean rocket disappearing in a fireball shortly after liftoff Monday night from a launch pad on the country's northwest coast. North Korean officials acknowledged the launch failure and said the rocket was carrying a small reconnaissance satellite named Malligyong-1-1.
The Conservatives and Labour are embroiled in a fight to woo voters with promises to keep rates of tax low
The two main political parties are in a bidding war over which can promise to increase taxes the least. Each accuses the other of harbouring a desire to push up taxes to support a growing list of spending pledges.
The Conservatives say there is a £38.5bn funding gap in Labour’s spending promises over the next five years and that to cover it, “Labour will increase your taxes by £2,094”. Labour claim unfunded Tory spending pledges add up to £71bn, or 2% of GDP.
After months of loudly protesting a subpoena, Elon Musk has once again agreed to testify in the US Securities and Exchange Commission's investigation into his acquisition of Twitter (now called X).
Musk tried to avoid testifying by arguing that the SEC had deposed him twice before, telling a US district court in California that the most recent subpoena was "the latest in a long string of SEC abuses of its investigative authority.”
But the court did not agree that Musk testifying three times in the SEC probe was either "abuse" or "overly burdensome." Especially since the SEC has said it's seeking a follow-up deposition after receiving "thousands of new documents" from Musk and third parties over the past year since his last depositions. And according to an order requiring Musk and the SEC to agree on a deposition date from US district judge Jacqueline Scott Corley, "Musk’s lament does not come close to meeting his burden of proving 'the subpoena was issued in bad faith or for an improper purpose.'"
Edouard Baer says he ‘does not recognise himself’ in allegations of harassment and assault by six women
Edouard Baer, a French actor best known for playing Asterix on screen, has become the latest star to feel the impact of sexual assault allegations as his live show in Paris was cancelled.
Baer, who played the fictitious Gaul in the 2012 blockbuster Asterix and Obelix: God Save Britannia alongside Gérard Depardieu, was accused by six women of harassment and sexual assault in a joint article by online news site Mediapart and the feminist website Cheek last week.
What we know so far: A Ticketmaster AWS instance was penetrated by unknown perpetrators; “ShinyHunters” is selling stolen data on their behalf. Don’t forget to add the hidden 5% fee to the ransom.
Authors/Presenters: Matteo Campanelli, Mathias Hall-Andersen, Simon Holmgaard Kamp
The group behind the RedTail malware is exploiting a new vulnerability in Palo Alto Networks' PAN-OS software to run a sophisticated cryptomining campaign that is likely backed by North Korea.
After 55 years, the vibrator continues to inspire devotion, as well as a new podcast: ‘It takes on larger-than-life symbolism’
In a Goop-ified world where one can purchase sleek, luxury vibrators for up to three figures, how has one sex toy that’s existed for 55 years garnered such devotion? It’s a question the sex writer Kate Sloan explores in Making Magic, a new podcast about the clunky, white-and-blue, straight-from-a-70s-porn-set Magic Wand Original Massager.
Sloan first became interested in the Magic Wand when she was a 19-year-old spending her gap year writing a sex toy review blog called Girly Juice. Later, while working at a sex store, Sloan noticed how customers would come back to buy the Magic Wand over and over again, eager to replace their old ones with the same model.
I am a 41-year-old woman who has been married for two years. I love my husband and still find him physically attractive, but I do not feel in the mood for sex very often, and never initiate. I even worry about him initiating, as I may not be able to respond in the same way and will make him feel rejected. In my 20s I had a lot of one-night stands after nights out, or with guys I knew and liked, but even then it was about the excitement and seduction rather than the physical sensation. I have only ever managed to have an orgasm by myself. In the past year, when we have sex I get aroused but then lose interest at the moment of penetration. This can be quite abrupt and leave my husband puzzled. I am worried that my lack of sexual desire may become detrimental to our intimacy and relationship.
Your central pleasure centre is your clitoris, and your sexual arousal is dependent on it. For many women, connection with clitoral stimulation is lost once penetration starts, and it is replaced by different feelings which are not always pleasant. If you can teach your partner to continue stimulating your clitoris during penetration, you will have far more pleasurable sensations. Some women take matters into their own hands and pleasure themselves during penetration, while others learn by trial and error which coital positions are most likely to stimulate their clitoris. It is understandable that your confusion and disappointment over your sexual response once intercourse starts should cause you to want to withdraw from sex altogether. But you simply have to take more responsibility for your own pleasure and ask for what you need.
Pamela Stephenson Connolly is a US-based psychotherapist who specialises in treating sexual disorders.
If you would like advice from Pamela on sexual matters, send us a brief description of your concerns to private.lives@theguardian.com (please don’t send attachments). Each week, Pamela chooses one problem to answer, which will be published online. She regrets that she cannot enter into personal correspondence. Submissions are subject to our terms and conditions.
The funding cutbacks announced in February have continued to hobble NIST’s ability to keep the government’s National Vulnerabilities Database (NVD) up to date, with one cybersecurity company finding that more than 93% of the flaws added have not been analyzed or enhanced, a problem that will make organizations less safe. “With the recent slowdown of..
Ticket to Hide: A threat group hacked 1.3 terabytes of Ticketmaster customer data, including payment information. It’s threatening to release the personal data unless a ransom is paid.
Source: securityboulevard.com – Author: Steve Winterfeld. Security experts have many fun arguments about our field. For example, while I believe War Games is the best hacker movie, opinions vary based on age and generation. Other never-ending debates include what the best hack is, the best operating system (though this is more of a religious debate), […]
Small and medium-sized businesses are increasingly targeted by sophisticated cyberattacks like QakBot and Black Basta ransomware. Discover how AttackIQ Flex's latest package helps you test your defenses, uncover vulnerabilities, and stay ahead of these advanced threats. Enhance your security posture with real-world attack scenarios and actionable insights. Read on to learn more and register for free today!
Party policy is to add standard 20% rate of VAT to school fees and use funds raised to pay for more state teachers
One of Labour’s headline policies in the run-up to the general election is its promise to end tax breaks for private schools in the UK.
The policy is not new – it was adopted under Jeremy Corbyn and has featured in previous Labour election manifestos. But with Keir Starmer’s party leading in the polls and apparently on course for victory on 4 July, it is coming under renewed scrutiny, prompting front page headlines, claims and counter-claims.
Need to get your audience’s attention so they listen to your cybersecurity lessons? Share these true stories to engage their attention and, perhaps, make them laugh.
Ryan Salame is first of Sam Bankman-Fried’s lieutenants to get jail time for his role in 2022 collapse of cryptocurrency exchange
A federal judge on Tuesday sentenced former FTX executive Ryan Salame to more than seven years in prison, the first of the lieutenants of failed cryptocurrency mogul Sam Bankman-Fried to receive jail time for their roles in the 2022 collapse of the cryptocurrency exchange.
Salame, 30, was a high-ranking executive at FTX for most of the exchange’s existence and, up until its collapse, was the co-CEO of FTX Digital Markets. He pleaded guilty last year to making unlawful US campaign contributions and to operating an unlicensed money-transmitting business.
Those struggling to pay debts include students from overseas who have seen the value of their currency crash
Hundreds of students at the University of Sussex have been warned they may be unable to graduate or re-register for the next academic year if they fail to pay outstanding debts.
Those affected include students from Nigeria and Iran who have been struggling to pay their fees after the value of their currencies crashed. Other international students, as well as UK students, are also among those in debt.
OpenAI has a new Safety and Security Committee in place fewer than two weeks after disbanding its “superalignment” team, a year-old unit that was tasked with focusing on the long-term effects of AI.
Scammers impersonating Microsoft, Publishers Clearing House, Amazon and Apple are at the top of the FTC’s “who’s who” list. Based on consumer reports and complaints to the agency, hundreds of millions of dollars were stolen by bad actors pretending to be brands.
Cyber attack tactics are evolving, according to a new report, from advanced campaigns to exploiting weaknesses, and cybersecurity teams should be optimally employed.