TEIA.RU
TEIA Green Hosting

My RSS Feed
Updated: 32 weeks 3 days ago

Warhol ‘Marilyn’ Work Is Now The Most Expensive 20th-Century Artwork Auctioned

Wed, 05/11/2022 - 10:56

Image via Christie’s

 


Two months ago, Christie’s announced Andy Warhol’s Shot Sage Blue Marilyn would be going up for sale, in what it hailed as “the most significant 20th-century painting to come to auction in a generation.” 



This week, at the auction house’s Spring Marquee Week, the iconic work sold for an astonishing US$195 million, making it the most expensive 20th-century artwork to ever go under the hammer. 


 


According to the Guinness World Records, Warhol’s work bumped the previous record holder, Pablo Picasso, off the throne, whose Les femmes d'Alger (Version O) sold for US$179.3 million in 2015.


 


Not only is the Warhol work now the most expensive painting from the 20th century sold at auction, but it also takes the accolade of being the most expensive work by a US artist ever sold at auction, a title previously held by Jean-Michel Basquiat’s Untitled.



In total, the sale featured 36 lots from the collection of Thomas and Doris Ammann, the brother-sister duo behind Thomas Ammann Fine Art and well-known prestigious collectors in the art world, raking in US$317.8 million.



Aside from Warhol, six other artists achieved record prices at the auction, including Francesco Clemente’s The Fourteen Stations, No XI, which sold for three times its previous record at US$1.86 million; I Wasn’t Sorry, 2003 by Ann Craven, whose piece went up eight times in value to fetch US$680,400; and other works from Mike Bidlo, Mary Heilmann, Martin Disler, and Ross Bleckner.



Heartwarmingly, earnings from the sale will go towards charities providing urgent medical care and educational services to children. The buyer of Warhol’s Shot Sage Blue Marilyn is invited to partner with the Foundation and contribute to the cause, and can nominate charities to which 20% of the work’s proceeds will be donated.



“The record-breaking sale of Warhol’s iconic portrait of Marilyn from the Collection of Thomas and Doris Ammann is a testament to the strength, the vibrancy, and the overall excitement of the art market today,” said Alex Rotter, Christie’s Chairman of 20th and 21st Century Art. 



“This sale demonstrates the pervasive power of Andy Warhol as well as the lasting legacy that he continues to leave behind in the art world, popular culture, and society,” he added. 


 


 


 


[via Associated Press and Christie’s, cover image via Christie’s]

Categories: World News

FIFA Video Games To Change Name As Licensing Deal Comes To A Close

Wed, 05/11/2022 - 10:56

Image via Electronic Arts

 


Following nearly 30 years of creating digital soccer experiences, game developer Electronic Arts and global sporting body FIFA have announced they will no longer be working together from 2023.



EA revealed the news to over 150 million fans who play the game worldwide in a blog post, saying that its new game with a new name, EA Sports FC, will “take global football experiences to new heights.” 



Fans of the game can breathe a sigh of relief, as the company promised the same modes, leagues, tournaments, clubs, and athletes will be available on the game even after the split. 



“Our unique licensing portfolio of more than 19,000+ players, 700+ teams, 100+ stadiums, and 30 leagues that we’ve continued to invest in for decades will still be there, uniquely in EA Sports FC,” Group GM Cam Weber pledged.



Additionally, the firm feels that as an independent platform, it will now have fresh opportunities to “innovate, create, and evolve,” finding new ways to reinvest in the sport, work with new partners, and most importantly, “bring joy, inclusivity, and immersion to a global community of fans.” 



“We are excited to continue and expand our long partnership with EA Sports as we serve athletes at the intersection of sport, gaming, and culture,” said DJ van Hameren, CMO of Nike. 



“Our partnership with EA Sports FC will authentically grow the ways our communities can play and engage with sport,” he added. 


 


 


 


[via Protocol and Electronic Arts, cover image via Electronic Arts]

Categories: World News

Xbox Is Reportedly Building A Streaming Stick To Tackle Low Console Supply

Wed, 05/11/2022 - 10:56


Photo 230451034 © 777ers | Dreamstime.com


 


As video gaming giants grapple with console supply issues caused by chip shortages and shipping problems, Microsoft appears to be thinking out of the traditional (X)box in favor of hardware that’s much more lightweight and compact.


 


A new report by VentureBeat details that the tech behemoth is set to launch an Xbox streaming stick in a matter of 12 months. The gadget is part of the company’s vision to make gaming accessible to all, opening the Xbox experience to families who might not be able to obtain a console.



As outlined by the news outlet’s reporter Jeff Grubb, the Xbox stick looks and acts like an Amazon Fire Stick or Roku Puck. It could be plugged into a television’s HDMI port to launch the Xbox Cloud Gaming service, where users can access a library of games, television shows, and movies.



Samsung TV owners have more to gain from this cloud service, as the report notes that Microsoft and Samsung have designed a game-streaming app to be installed within those sets. This means users won’t have to purchase the streaming stick to get a hold of Xbox’s offerings.


 


All told, the tiny Xbox device should be better suited for casual players, since cloud-based games tend to have more lag than those loaded from a powerful console. Considering this, Microsoft would have a greater chance of encouraging adoption by pricing the streaming stick much more affordably than the usual Xbox hardware.


 


 



[via BGR, Gizmodo, VentureBeat, cover photo 230451034 © 777ers | Dreamstime.com]

Categories: World News

Microsoft Debuts Adaptive Computer Accessories For Users With Disabilities

Wed, 05/11/2022 - 10:56


Image via Microsoft

 


Ever since the introduction of the Xbox Adaptive Controller in 2018, Microsoft has devoted more time to working on innovations that benefit all users, and has now officially opened its new Inclusive Tech Lab where engineers will learn and develop gadgets specifically for those with various types of disabilities. 



Alongside the new facility, the brand is introducing an Adaptive Accessories collection for users who experience difficulty using a traditional mouse and keyboard. With this adaptable, easy-to-use system, they will now be able to create their own setup specific to their needs, allowing them to be more productive at work and use their favorite applications more effectively. 



In total, the accessories boast three components that enable users to configure, 3D-print, and customize their very own mouse, keyboard inputs, and computer shortcuts to best suit their lifestyles. 


 



Image via Microsoft

 


First, the Microsoft Adaptive Mouse comes with a customizable Adaptive Mouse Tail and Thumb Support to make the essential gadget lighter and more portable. Plus, it even took into consideration the need to switch from right to left-handedness, with the thumb support accessory able to change according to which hand is used. 



Next, the company created the Microsoft Adaptive Hub, which will allow users to transform traditional keyboards into one with a central hub and wireless buttons. Each hub can connect with up to four Microsoft Adaptive Buttons, and works together with assistive tech switches and different button toppers—including a d-pad, joystick, or dual button—for further ease of use. 



These accessories are scheduled to debut in the fall. Microsoft says it can’t wait to “welcome the disability community and all into the Inclusive Tech Lab as we learn and build technology that will empower more people to work, play, and create.” 



Check out how they work in the video below.


 



 


 


 


[via TechRadar and Microsoft, images via Microsoft]

Categories: World News

How to Avoid Being Overwhelmed by Your Side Projects

Wed, 05/11/2022 - 10:55

Side projects are a natural fit for web designers. They offer a chance to do something out of the ordinary and sharpen your skills. It can be a great way to further your career.

And they are often a lot of fun to work on. At least, in the beginning. In reality, small hobbies started with good intentions can get out of hand before you know it. They have the potential to become overwhelming.

For some designers, having a side project “blow up” is a good thing. It may even lead to a full-time gig. But that’s the rare exception – not the rule.

Indeed, many find that the fun disappears when the project starts to feel like hard work. At that point, it’s less of a hobby and more of a burden. Who asked for that?

It’s a common experience. But there are some ways to ensure that your side project doesn’t take over your life. Let’s explore the balance required to keep these little kittens from becoming big, angry lions.

Understand Who You Are

Personalities play a big role in our projects. For example, some designers are never satisfied with their work. Others are content in saying that something they created is “good enough.”

Therefore, it’s important to think about your personality when deciding whether or not to start up a side project. If you’re one to obsess over every last detail, that may be a warning sign of what’s to come.

That’s not to say you shouldn’t move forward. But it is worth considering how a gig will impact you. Will it take time away from your primary work? What kind of emotional investment is required? What’s the ultimate goal?

While there’s danger in overthinking the possibilities, these are still good questions to ask yourself. Finding the answers will help you determine whether you’re ready and willing to take on the challenge.

How In-Depth Is the Project?

The type of side project you choose is also a factor. Some are naturally more in-depth than others. Because of that, it’s good to have a mental picture of what’s involved.

Let’s say that you want to start a new open-source CSS framework. This might be a great way to enhance your understanding of the language while showing your creative side. However, releasing any tool to be used by others has a certain amount of responsibility with it.

Handling routine maintenance and user support takes effort. Best practices also change over time and require vigilance. Thus, there’s a long-term commitment to this type of project.

A blog, on the other hand, might be a little more relaxed. You could go days or weeks without writing – then pick up again whenever you want.

Not all projects are created equally – nor do they require the same amount of work. If you choose one that could keep you busy, understand what you’re getting into before you start.

To Go Public…or Not

No rule says your side project has to be in the public space. And there are some real advantages to limiting your potential audience.

Building something for friends, family, or just yourself likely means it’s a labor of love. The project feels more personal. Thus, you can avoid the pitfalls that come with trying to attract and support a user base.

It’s also an effective means of saving some money. You might even host your project on a local WordPress installation – which only costs you a few megabytes of storage.

Besides, nothing says that you can’t go bigger in the future. Starting small provides you with a chance to see how much you enjoy the project. If things work out, great. If not, then hopefully it was a valuable learning experience.

If you don’t have a desire to create the next worldwide phenomenon, don’t worry. There’s great joy in simply tinkering on your own.

Find a Side Project That’s a Perfect Fit

A side project can be very beneficial. It’s an opportunity to do something you enjoy and learn a few things along the way. And the sheer variety of options available to web designers makes the experience all the more exciting.

But like anything else, it’s wise to think about a project before you jump in. Consider how it fits with your personality and what kind of commitment it requires. In addition, define your potential audience and what it will take to serve them.

These factors all play a role in how well a project will fulfill your needs. Ask yourself: what will make this project fun? If all the stars are aligned – go for it. Otherwise, there’s no harm in heading back to the drawing board.

Remember that a side project is about pleasing yourself first. Anything short of that may not be worth your time.

The post How to Avoid Being Overwhelmed by Your Side Projects appeared first on Speckyboy Design Magazine.

Categories: World News

The ultimate realization

Wed, 05/11/2022 - 10:43

I have used Gentoo for 2 years. Own dwm-config, own kernel, own make.conf etc etc. Now I am back on Windows and I realize that it's way better than Linux because it just works. 90% market share for a reason.

submitted by /u/menschelein
Categories: World News

Which Linux version for minecraft server?

Wed, 05/11/2022 - 10:43

Hi, I am thinking about setting up my own Minecraft server and have been told it's smarter to set it up on Linux because it will impact the performance in a better way. I have never used Linux before and am kind of a noob in coding. So as a start I would like to hear which version of Linux is best for a Minecraft server.

submitted by /u/1VegardS1
Categories: World News

Red hat, subscription and Opensource

Wed, 05/11/2022 - 10:43

Hello, before I dive a little deeper into Linux (not saying deep, just a little deeper) I was sure that Red Hat is a public open-source project, and the subscription just gives you customer support that is crucial for many corporate systems. But searching more about the possibility of using Red Hat for free without customer support, or just cloning its repository and building it locally, I came to the conclusion that the Red Hat source is not publicly available and the only possible way to use it for free is to register with a developer account, and for most products there are two tiers of subscription, one with support and a cheaper one without it. So payment is required to use it at all, even without support (let's not talk about these developer accounts).

So I assume (but it is a pure guess) Red Hat uses a model where the product needs to be paid for in order to be used and the source code is not publicly available, but they can still call it open source, because paying customers gain access to the code.

I don't present it as a bad thing, I'm just not sure if I got it correctly, and would be thankful if someone could correct me, because most of this post is just my guesses.

Another thing that interests me is that Red Hat is widely respected and I haven't heard about Linus roasting the Red Hat team like he roasted GrSecurity. Is it because Red Hat developers work a lot on the Linux kernel and try to upstream their patches, improving the open-source kernel for everyone, while GrSecurity keeps their patches to the kernel private and doesn't upstream anything, not bringing much to the open-source community?

Or is it just that Red Hat keeps their non-kernel parts accessible for paid customers only, while GrSecurity keeps private patches to the kernel?

submitted by /u/Olfeath
Categories: World News

Is LEGO Doing Away With Paper Instruction Manuals Completely?

Wed, 05/11/2022 - 09:44

Image ID 238005423 © via Stepan Popov | Dreamstime.com

 


A report from Brick Fanatics has highlighted a peculiar trend evident in LEGO’s recent releases: paper-free instruction manuals.



According to the site, the new LEGO CITY Mission sets will not come with the usual flip-through manuals. Rather, fans will be asked to use a smartphone or tablet to follow along with an interactive story guide as they build the creation. 



Furthermore, in the LEGO Star Wars The Mandalorian’s N-1 Starfighter set, builders noted that the cover of the instruction booklet wasn’t as polished as the typical quality associated with the brand, which some interpreted as less consideration being given to physical manuals. 



The move from paper manuals to a paperless, internet-based experience doesn’t seem too far-fetched, considering the brand’s growing efforts towards sustainability. LEGO could see this as a way to reduce its environmental footprint, especially with how thick some of these booklets are for larger creations.



Plus, with the introduction of its 3D building instructions, fans could find it easier when they’re able to zoom in and rotate the model as they follow along, as opposed to static instructions on a page that may not always be the clearest. 



Will long-time fans rue the loss of LEGO’s paper manuals? Or will they embrace the digital age and explore new, more interactive ways of building their creations with 3D guides? We’ll have to wait and see. 


 


 


 


[via Brick Fanatics and LEGO, cover image via Stepan Popov | Dreamstime.com]

Categories: World News

My Top 7 Favorite Branding & Logo Books

Wed, 05/11/2022 - 09:43

Looking for Branding & Logo Books? This article includes the top 7 Branding & Logo Books.

I was recently asked to join the Amazon Influencer Program, which basically is a way for ‘influencers’ to get their own customizable Amazon page, to recommend products to their followers.

I took this opportunity to recommend some books and other items in my Amazon shop, so go check it out.

» Browse my Amazon shop

Or read on below for my top picks. These would be the books I would choose if I had to start my library fresh.

My Top 7 Favorite Branding & Logo Books

Designing Brand Identity

If I had to choose one book, it would be this one because it’s the best ‘all-rounder’ on the topic of design & branding. In their words, it’s the “best-selling toolkit for creating, building, and maintaining a strong brand”.

 

The Designing Brand Identity is a comprehensive, practical, and easy-to-understand resource for all brand builders globally. An essential reference for creating and implementing a complete brand identity system.

 

Learn More

Sale Designing Brand Identity: An Essential Guide for the Whole Branding Team
  • Hardcover Book
  • Wheeler, Alina (Author)
  • English (Publication Language)
  • 336 Pages - 10/24/2017 (Publication Date) - Wiley (Publisher)
$40.87 Buy on Amazon

Logo: The Reference Guide to Symbols and Logotypes

For a purely ‘logo inspiration’ book, this would be my top pick. There are 1200 logos inside this tome, sorted into 75 categories. An essential for any logo lover.

 

A complete, taxonomical look at the history, development, and style of identity design is presented here in Logo: The Reference Guide to Symbols and Logotypes. 

Learn More

Sale 321 Reviews Logo: The Reference Guide to Symbols and Logotypes (Corporate Identity Book, Branding Reference for...
  • Laurence King Publishing
  • Evamy, Michael (Author)
  • English (Publication Language)
  • 352 Pages - 02/10/2015 (Publication Date) - Laurence King Publishing (Publisher)
$12.02 Buy on Amazon

The Ultimate Guide to Logo Design

Kyle Courtright’s ebook is the “definitive guide to logo design”, with 90 pages detailing every facet of logo & brand identity design, but delivered in a concise manner that you can actually understand, perfect for both beginners & professionals.

JUST Creative readers can get $10 (35%) off the book, making it just $19. Use coupon code ‘JUST10OFF’ at checkout.

Learn More

Hello, My Name Is Awesome: How to Create Brand Names That Stick

The best brand naming guide available. Period. A quick, good read.

Learn More

Sale 414 Reviews Hello, My Name Is Awesome: How to Create Brand Names That Stick
  • Berrett-Koehler Publishers
  • Watkins, Alexandra (Author)
  • English (Publication Language)
  • 112 Pages - 09/15/2014 (Publication Date) - Berrett-Koehler Publishers (Publisher)
$10.51 Buy on Amazon

Logolounge Book Series: The World’s Premier Logo Showcase

The Logolounge series is the longest-running logo inspiration series and the best in my opinion. The logos featured inside this series are the cream of the crop and book 10 is no exception, with 2500 logos inside, selected by an international jury.

Learn more

 

Thinking with Type: A Critical Guide for Designers, Writers, Editors, & Students

Knowledge of type is essential for effective visual communication in branding and logo design and this book teaches you the basics and then some.

Learn More

Sale Thinking with type: A Critical Guide for Designers, Writers, Editors, & Students
  • Lupton, Ellen (Author)
  • English (Publication Language)
  • 224 Pages - 09/01/2010 (Publication Date) - PRINCETON ARCHITECTURAL PRESS (Publisher)
$14.71 Buy on Amazon

The Logo Design Idea Book by Steven Heller

“The Logo Design Idea Book” by Steven Heller is a new 128-page book (mid-2019), which features 50 fairly high-profile logos (and a smaller number of obscure logos) sorted by categories, and a short history and/or story on each mark.

It features one of my favorite logos, the BP logo. Not because I love oil conglomerates, but because it is the perfect example of the POWER of logo design. The bright, fresh, vibrancy of the mark communicates energy and the blooming flower shape evokes environmentalism which is far from the truth when it comes to oil companies. And that’s how branding and visual communication can morph the perception in a consumer’s mind!

If you want a quick reference to 50 high-quality logo designs and WHY they work, this is for you!

Learn More

The Logo Design Idea Book: (Logo Beginners Guide, Logo Design Basics, Visual Branding Book)
  • Heller, Steven (Author)
  • English (Publication Language)
  • 128 Pages - 08/06/2019 (Publication Date) - Laurence King Publishing (Publisher)
$17.81 Buy on Amazon

Browse my Amazon shop

For more of my recommendations, check out my Amazon Shop.

» Browse my Amazon shop


See here for The Ultimate List of The Best Logo Design Resources.
Categories: World News

YouTube Now Lets You Stream Full Seasons Of TV Shows For Free

Thu, 03/24/2022 - 06:29

Image via YouTube

 


Looking to jump into the booming streaming industry, YouTube has announced it will be allowing users stateside to stream full seasons of ad-supported television shows, including Hell’s Kitchen, Heartland, and Unsolved Mysteries.



In total, the online video platform will offer 4,000 episodes at its initial launch, adding to the existing 1,500 movies available to stream for free. Many of the titles are available in 1080p, with 5.1 surround-sound audio on supported devices.



By offering full seasons of binge-worthy television, YouTube no doubt hopes to increase the amount of time users spend on its network. In fact, the platform said it has already reached over 135 million people via smart televisions in the country in the past year. 


 



Image via YouTube

 


Furthermore, to make for a better viewing experience, the site said it would be unveiling a new streamlined navigation system and banner art, intended to make finding new shows—be it to rent, purchase, or watch with ads—a more intuitive task. 



In the future, the platform says users can look forward to up to 100 new titles each week, all of which can be accessed via its website, mobile app, or smart televisions.


 


 


 


[via Engadget and YouTube, images via YouTube]

Categories: World News

Any Linux desktop environment has foldable screen in the plan?

Thu, 03/24/2022 - 05:30

ThinkPad X1 Fold has been out for a while and Windows support for it sucks. ASUS is building another foldable laptop. There are rumors that Apple is also building a big-screen foldable device. It seems like foldable screens are the future. So I'm wondering if any Linux desktop environment has foldable device support in mind? If Linux can support it better than Windows or even MacOS (suppose there are Linux drivers for these screens), it could be one of the killer features of the Linux desktop.

submitted by /u/tech-geech
Categories: World News

Wardian

Thu, 03/24/2022 - 04:34
Categories: World News

"ValueError: realpath(): Argument #1 ($path) must not contain any null bytes in realpath()" (webform) when sending attachment

Thu, 03/24/2022 - 04:02

I am trying to send an attachment when I submit a webform using Mime Mail mailer as a formatter and PHPMailer SMTP as sender in Mail System. When I include a PDF attachment on the email, I get this error message:

The website encountered an unexpected error. Please try again later. ValueError: realpath(): Argument #1 ($path) must not contain any null bytes in realpath() (line 139 of core/lib/Drupal/Core/File/FileSystem.php).

Here is what's in line 139:

    public function realpath($uri) {
      // If this URI is a stream, pass it off to the appropriate stream wrapper.
      // Otherwise, attempt PHP's realpath. This allows use of this method even
      // for unmanaged files outside of the stream wrapper interface.
      if ($wrapper = $this->streamWrapperManager->getViaUri($uri)) {
        return $wrapper->realpath(); //line 139
      }
      return realpath($uri);
    }

I have never changed anything since I installed the module. What is going wrong in here?

Categories: World News

How can I customize an admin view template from a custom module?

Thu, 03/24/2022 - 04:02

In Drupal 9 I've created a view with a page display that has a path of /admin/content/noun. The Format is Table. Now I'd like to override the table template with views-view-table--the-view-name--the-display-id.html.twig. The view's path means the view is displayed in the admin theme. Where do I put the template?

Creating a subtheme of claro doesn't work. Customizing web/core/themes/claro/templates/classy/views/views-view-table.html.twig works, but that's hacking core.

Categories: World News

Cannot set path alias to "/"

Thu, 03/24/2022 - 04:02

I have a weird use case where I need to specifically set the path alias of my home page to "/". I am creating a Gatsby site and the pages are auto-generated based completely off of the Drupal path alias. So if I have a path alias of "/about", the /about page will get generated in Gatsby.

The problem is that for my home page, I cannot set the path alias to just "/" in Drupal. If I try doing that on the actual node edit page, it gets stripped out on save and becomes null. Same thing if I try to go to the URL aliases admin page and try to manually set it there for my node page. If I try to just put "/", it gets stripped out there also. I am successfully able to add that path alias as my "Default front page" in "System > Basic site settings". If I add it there it does not get wiped out on save, however now my home page just becomes a 404 page because it cannot find a page with a path alias of "/".

I know this is possible to do somehow because the Drupal/Gatsby YouTube tutorial I was following is doing this and it shows the Drupal admin with a path alias of just / for his homepage. I contacted that developer and he said he doesn't remember how he was able to get that to happen and doesn't remember needing to do anything specific to allow for that. I am using Docksal for my local site and I also have a Pantheon site running the same codebase and database and I can't set it in either of those sites. I am running the latest version of D9 (9.3.9). Can anyone think of a reason I cannot do this? I'm wondering if I need to create a custom module to make this happen or something? Or if I just need to apply some kind of Drupal core patch?

Categories: World News

A Closer Look at the LAPSUS$ Data Extortion Group

Thu, 03/24/2022 - 03:59

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.

First surfacing in December 2021 with an extortion demand on Brazil’s Ministry of Health, LAPSUS$ made headlines more recently for posting screenshots of internal tools tied to a number of major corporations, including NVIDIA, Samsung, and Vodafone.

On Tuesday, LAPSUS$ announced via its Telegram channel it was releasing source code stolen from Microsoft. In a blog post published Mar. 22, Microsoft said it interrupted the LAPSUS$ group’s source code download before it could finish, and that it was able to do so because LAPSUS$ publicly discussed their illicit access on their Telegram channel before the download could complete.

One of the LAPSUS$ group members admitted on their Telegram channel that the Microsoft source code download had been interrupted.

“This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact,” Microsoft wrote. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”

While it may be tempting to dismiss LAPSUS$ as an immature and fame-seeking group, their tactics should make anyone in charge of corporate security sit up and take notice. Microsoft says LAPSUS$ — which it boringly calls “DEV-0537” — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.

“Microsoft found instances where the group successfully gained access to target organizations through recruited employees (or employees of their suppliers or business partners),” Microsoft wrote. The post continues:

“DEV-0537 advertised that they wanted to buy credentials for their targets to entice employees or contractors to take part in its operation. For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system. Such a tactic was just one of the ways DEV-0537 took advantage of the security access and business relationships their target organizations have with their service providers and supply chains.”

The LAPSUS$ Telegram channel has grown to more than 45,000 subscribers, and Microsoft points to an ad that LAPSUS$ posted there offering to recruit insiders at major mobile phone providers, large software and gaming companies, hosting firms and call centers.

Sources tell KrebsOnSecurity that LAPSUS$ has been recruiting insiders via multiple social media platforms since at least November 2021. One of the core LAPSUS$ members who used the nicknames “Oklaqq” and “WhiteDoxbin” posted recruitment messages to Reddit last year, offering employees at AT&T, T-Mobile and Verizon up to $20,000 a week to perform “inside jobs.”

LAPSUS$ leader Oklaqq a.k.a. “WhiteDoxbin” offering to pay $20,000 a week to corrupt employees at major mobile providers.

Many of LAPSUS$’s recruitment ads are written in both English and Portuguese. According to cyber intelligence firm Flashpoint, the bulk of the group’s victims (15 of them) have been in Latin America and Portugal.

“LAPSUS$ currently does not operate a clearnet or darknet leak site or traditional social media accounts—it operates solely via Telegram and email,” Flashpoint wrote in an analysis of the group. “LAPSUS$ appears to be highly sophisticated, carrying out increasingly high-profile data breaches. The group has claimed it is not state-sponsored. The individuals behind the group are likely experienced and have demonstrated in-depth technical knowledge and abilities.”

Microsoft said LAPSUS$ has been known to target the personal email accounts of employees at organizations they wish to hack, knowing that most employees these days use some sort of VPN to remotely access their employer’s network.

“In some cases, [LAPSUS$] first targeted and compromised an individual’s personal or private (non-work-related) accounts giving them access to then look for additional credentials that could be used to gain access to corporate systems,” Microsoft wrote. “Given that employees typically use these personal accounts or numbers as their second-factor authentication or password recovery, the group would often use this access to reset passwords and complete account recovery actions.”

In other cases, Microsoft said, LAPSUS$ has been seen calling a target organization’s help desk and attempting to convince support personnel to reset a privileged account’s credentials.

“The group used the previously gathered information (for example, profile pictures) and had a native-English-sounding caller speak with the help desk personnel to enhance their social engineering lure,” Microsoft explained. “Observed actions have included DEV-0537 answering common recovery prompts such as ‘first street you lived on’ or ‘mother’s maiden name’ to convince help desk personnel of authenticity. Since many organizations outsource their help desk support, this tactic attempts to exploit those supply chain relationships, especially where organizations give their help desk personnel the ability to elevate privileges.”

LAPSUS$ recruiting insiders via its Telegram channel.

SIM-SWAPPING PAST SECURITY

Microsoft said LAPSUS$ also has used “SIM swapping” to gain access to key accounts at target organizations. In a fraudulent SIM swap, the attackers bribe or trick mobile company employees into transferring a target’s mobile phone number to their device. From there, the attackers can intercept any one-time passwords sent to the victim via SMS or phone call. They can also then reset the password for any online account that allows password resets via a link sent over SMS.

“Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets,” Microsoft wrote.

Allison Nixon is chief research officer at Unit 221B, a cybersecurity consultancy based in New York that closely tracks cybercriminals involved in SIM-swapping. Working with researchers at security firm Palo Alto Networks, Nixon has been tracking individual members of LAPSUS$ prior to their forming the group, and says the social engineering techniques adopted by the group have long been abused to target employees and contractors working for the major mobile phone companies.

“LAPSUS$ may be the first to make it extremely obvious to the rest of the world that there are a lot of soft targets that are not telcos,” Nixon said. “The world is full of targets that are not used to being targeted this way.”

Microsoft says LAPSUS$ also has been known to gain access to victim organizations by deploying the “Redline” password-stealing malware, searching public code repositories for exposed passwords, and purchasing credentials and session tokens from criminal forums.

That last bit is interesting because Nixon said it appears at least one member of LAPSUS$ also was involved in the intrusion at game maker Electronic Arts (EA) last year, in which extortionists demanded payment in exchange for a promise not to publish 780 GB worth of source code. In an interview with Motherboard, the hackers claimed to have gained access to EA’s data after purchasing authentication cookies for an EA Slack channel from a dark web marketplace called Genesis.

“The hackers said they used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then trick an EA IT support staffer into granting them access to the company’s internal network,” wrote Catalin Cimpanu for The Record.

Why is Nixon convinced LAPSUS$ was behind the EA attack? The “WhiteDoxbin/Oklaqq” identity referenced in the first insider recruitment screenshot above appears to be the group’s leader, and it has used multiple nicknames across many Telegram channels. However, Telegram lumps all aliases for an account into the same Telegram ID number.

Back in May 2021, WhiteDoxbin’s Telegram ID was used to create an account on a Telegram-based service for launching distributed denial-of-service (DDoS) attacks, where they introduced themself as “@breachbase.” News of EA’s hack last year was first posted to the cybercriminal underground by the user “Breachbase” on the English-language hacker community RaidForums, which was recently seized by the FBI.

WHO IS LAPSUS$?

Nixon said WhiteDoxbin — LAPSUS$’s apparent ringleader — is the same individual who last year purchased the Doxbin, a long-running, text-based website where anyone can post the personal information of a target, or find personal data on hundreds of thousands who have already been “doxed.”

Apparently, Doxbin’s new owner failed to keep the site functioning smoothly, because top Doxbin members had no problems telling WhiteDoxbin how unhappy they were with his stewardship.

“He wasn’t a good administrator, and couldn’t keep the website running properly,” Nixon said. “The Doxbin community was pretty upset, so they started targeting him and harassing him.”

Nixon said that in January 2022, WhiteDoxbin reluctantly agreed to relinquish control over Doxbin, selling the forum back to its previous owner at a considerable loss. However, just before giving up the forum, WhiteDoxbin leaked the entire Doxbin data set (including private doxes that had remained unpublished on the site as drafts) to the public via Telegram.

The Doxbin community responded ferociously, posting on WhiteDoxbin perhaps the most thorough dox the community had ever produced, including videos supposedly shot at night outside his home in the United Kingdom.

According to the denizens of Doxbin, WhiteDoxbin started out in the business of buying and selling zero-day vulnerabilities, security flaws in popular software and hardware that even the makers of those products don’t yet know about.

“[He] slowly began making money to further expand his exploit collection,” reads his Doxbin entry. “After a few years his net worth accumulated to well over 300BTC (close to $14 mil).”

WhiteDoxbin’s Breachbase identity on RaidForums at one point in 2020 said they had a budget of $1 million in bitcoin with which to buy zero-day flaws in Github, Gitlab, Twitter, Snapchat, Cisco VPN, Pulse VPN and other remote access or collaboration tools.

“My budget is $100000 in BTC,” Breachbase told Raidforums in October 2020. “Person who directs me to someone will get $10000 BTC. Reply to thread if you know anyone or anywhere selling this stuff. NOTE: The 0day must have high/critical impact.”

KrebsOnSecurity is not publishing WhiteDoxbin’s alleged real name because he is a minor (currently aged 17), and because this person has not officially been accused of a crime. Also, the Doxbin entry for this individual includes personal information on his family members.

Nixon said that prior to launching LAPSUS$, WhiteDoxbin was a founding member of a cybercriminal group calling itself the “Recursion Team.” According to the group’s now-defunct website, they mostly specialized in SIM swapping targets of interest and participating in “swatting” attacks, wherein fake bomb threats, hostage situations and other violent scenarios are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

“The team is made up of Cyber-enthusiasts who major in skills including security penetration, software development, and botting,” reads the now-defunct Recursion Team website. “We plan to have a bright future, and we hope you do too!”

Categories: World News

Portfolio question

Thu, 03/24/2022 - 03:58

Is it okay to link to your Adobe/Figma files where your projects live? I don’t have any live sites (that I’m proud of).

I’ve seen somebody do this and really liked the idea. On top of showing off your design skills, it gives people insight into how you organize your work, and shows your proficiency in the software you will be using day to day.

submitted by /u/CritcizeMe
Categories: World News
