TEIA.RU
Зеленый хостинг ТЭИА

Uptolike

LTCBTC - Bitfinex

Криптоновости

Feed aggregator

Выпуск Kubernetes 1.24, системы управления кластером изолированных контейнеров

Open News - Thu, 05/05/2022 - 19:21
Доступен релиз платформы оркестровки контейнеров Kubernetes 1.24, позволяющей как единым целым управлять кластером из изолированных контейнеров и предоставляющей механизмы для развёртывания, сопровождения и масштабирования выполняемых в контейнерах приложений. Проект изначально был создан компанией Google, но затем переведён на независимую площадку, курируемую организацией Linux Foundation. Платформа позиционируется как развиваемое сообществом универсальное решение, не привязанное к отдельным системам и способное работать с любыми приложениями в любых облачных окружениях. Код Kubernetes написан на языке Go и распространяется под лицензией Apache 2.0.
Categories: Open News

Научная база Web of Science отключила доступ российским вузам

IT Новости - Thu, 05/05/2022 - 15:58
Вице-президент Российской академии наук Алексей Хохлов сообщил, что в российских научных институтах и вузах стала недоступна база Web of Science
читать дальше >>
Categories: World News

Доступен дистрибутив для создания сетевых хранилищ OpenMediaVault 6

Open News - Thu, 05/05/2022 - 08:48
После двух лет с момента формирования прошлой значительной ветки опубликован стабильный релиз дистрибутива OpenMediaVault 6, позволяющего быстро развернуть сетевое хранилище (NAS, Network-Attached Storage). Проект OpenMediaVault основан в 2009 году после раскола в стане разработчиков дистрибутива FreeNAS, в результате которого наряду с основанным на FreeBSD классическим FreeNAS было создано ответвление, разработчики которого поставили перед собой цель перевести дистрибутив на ядро Linux и пакетную базу Debian. Для загрузки подготовлены установочные образы OpenMediaVault для архитектуры x86_64 (868 МБ).
Categories: Open News

Акционеры обвинили Netflix в мошенничестве

IT Новости - Thu, 05/05/2022 - 05:31
Акционеры подали коллективный иск против стримингового сервиса Netflix, обвинив его в мошенничестве. Ранее российские пользователи подали иск в Хамовнический суд Москвы за приостановку работы сервиса в России
читать дальше >>
Categories: World News

Компания Cisco выпустила свободный антивирусный пакет ClamAV 0.105

Open News - Wed, 05/04/2022 - 22:14
Компания Cisco представила новый значительный выпуск свободного антивирусного пакета ClamAV 0.105.0, а также опубликовала корректирующие выпуски ClamAV 0.104.3 и 0.103.6 с исправлением уязвимостей и ошибок. Напомним, что проект перешёл в руки Cisco в 2013 году после покупки компании Sourcefire, развивающей ClamAV и Snort. Код проекта распространяется под лицензией GPLv2.
Categories: Open News

Выпущена анонимная операционная система Tails 5.0

IT Новости - Tue, 05/03/2022 - 18:25
Tails — операционная система, ориентированная на обеспечение приватности и анонимности пользователя. Известна тем, что использовалась Эдвардом Сноуденом
читать дальше >>
Categories: World News

Видео: Windows 11 Insider Preview Build 22610

IT Новости - Tue, 05/03/2022 - 14:45
Microsoft выпустила новую тестовую сборку операционной системы Windows 11 для участников программы предварительной оценки Windows
читать дальше >>
Categories: World News

Приставы решили принудительно взыскать с Google 7 млрд руб. штрафа

IT Новости - Mon, 05/02/2022 - 18:50
Российские судебные приставы открыли исполнительное производство в отношении Google LLC из-за невыплаты штрафа в 7,2 млрд руб.
читать дальше >>
Categories: World News

Финский дата-центр «Яндекса» отключили от электропитания

IT Новости - Sat, 04/30/2022 - 17:51
Дата-центр «Яндекса» в Мянтсяля (Финляндия) был отключен местным поставщиком электроэнергии от основного источника электропитания и переключен на собственный дизельный генератор
читать дальше >>
Categories: World News

Криптобиржа Binance заблокировала аккаунты дочерей Пескова и Лаврова

IT Новости - Sat, 04/30/2022 - 03:50
Binance — крупнейшая по объемам торгов криптобиржа в мире — объявила, что она заблокировала аккаунты родственников российских чиновников
читать дальше >>
Categories: World News

В Госдуму внесли законопроект «О майнинге в РФ»

IT Новости - Fri, 04/29/2022 - 16:13
Если закон будет принят, то в течение года в отношении зарегистрированных в реестре участников майнинга будет действовать «амнистия»
читать дальше >>
Categories: World News

YouTube Now Lets You Stream Full Seasons Of TV Shows For Free

feedspot - Thu, 03/24/2022 - 06:29

Image via YouTube

 


Looking to jump into the booming streaming industry, YouTube has announced it will be allowing users stateside to stream full seasons of ad-supported television shows, including Hell’s Kitchen, Heartland, and Unsolved Mysteries.



In total, the online video platform will offer 4,000 episodes at its initial launch, adding to the existing 1,500 movies available to stream for free. Many of the titles are available in 1080p, with 5.1 surround-sound audio on supported devices.



By offering full seasons of binge-worthy television, YouTube no doubt hopes to increase the amount of time users spend on its network. In fact, the platform said it has already reached over 135 million people via smart televisions in the country in the past year. 


 



Image via YouTube

 


Furthermore, to make for a better viewing experience, the site said it would be unveiling a new streamlined navigation system and banner art, intended to make finding new shows—be it to rent, purchase, or watch with ads—a more intuitive task. 



In the future, the platform says users can look forward to up to 100 new titles each week, all of which can be accessed via its website, mobile app, or smart televisions.


 


 


 


[via Engadget and YouTube, images via YouTube]

Categories: World News

Any Linux desktop environment has foldable screen in the plan?

feedspot - Thu, 03/24/2022 - 05:30

ThinkPad X1 Fold has been out for a while and Windows support for it sucks. ASUS is building another foldable laptop. There are rumors that Apple is also building a big screen foldable device. It seems like foldable screens are the future. So I'm wondering if there is any Linux desktop environment has foldable device support in mind? If Linux can support it better than Windows or even MacOS (suppose there are Linux drivers for these screens), it could be one of the killer features of Linux desktop.

submitted by /u/tech-geech
[visit reddit] [comments]
Categories: World News

Dr.Web CureIt! — бесплатная антивирусна?

Новости Softodrom.ru - Thu, 03/24/2022 - 05:14
Dr.Web CureIt! — бесплатная антивирусная программа на основе ядра антивируса «Доктор Веб»
читать дальше >>
Categories: Open News

Wardian

feedspot - Thu, 03/24/2022 - 04:34
Categories: World News

"ValueError: realpath(): Argument #1 ($path) must not contain any null bytes in realpath()" (webform) when sending attachment

feedspot - Thu, 03/24/2022 - 04:02

I am trying to send attachment when I submit a webform using Mime Mail mailer as a formatter and PHPMailer SMTP as sender in Mail System. When I include PDF attachment on the email, I get this error message:

The website encountered an unexpected error. Please try again later. ValueError: realpath(): Argument #1 ($path) must not contain any null bytes in realpath() (line 139 of core/lib/Drupal/Core/File/FileSystem.php).**

Here is what's in line 139

public function realpath($uri) { // If this URI is a stream, pass it off to the appropriate stream wrapper. // Otherwise, attempt PHP's realpath. This allows use of this method even // for unmanaged files outside of the stream wrapper interface. if ($wrapper = $this->streamWrapperManager->getViaUri($uri)) { return $wrapper->realpath(); //line 139 } return realpath($uri); }

I have never changed anything since I installed the module. What is going wrong in here?

Categories: World News

How can I customize an admin view template from a custom module?

feedspot - Thu, 03/24/2022 - 04:02

In Drupal 9 I've created a view with a page display that has a path of /admin/content/noun. The Format is Table. Now I'd like to override the table template with views-view-table--the-view-name--the-display-id.html.twig. The view's path means the view is displayed in the admin theme. Where do I put the template?

Creating a subtheme of claro doesn't work. Customizing web/core/themes/claro/templates/classy/views/views-view-table.html.twig works, but that's hacking core.

Categories: World News

Cannot set path alias to "/"

feedspot - Thu, 03/24/2022 - 04:02

I have a weird use case where I need to specifically set the path alias of my home page to "/". I am creating a Gatsby site and the pages are auto generated based completely off of the Drupal path alias. So If I have a path alias of "/about", the /about page will get generated in Gatsby. The problem is that for my home page, I cannot set the path alias to just "/" in Drupal. If I try doing that on the actual node edit page, it gets stripped out on save and becomes null. Same thing if I try to go the URL aliases admin page and try to manually set it there for my node page. If I try to just put "/", it gets stripped out there also. I am successfully able to add that path alias as my "Default front page" in "System > Basic site settings". If I add it there it does not get wiped out on save, however now my home page just becomes a 404 page because it cannot find a page with a path alias of "/". I know this is possible to do somehow because the Drupal/Gatsby youTube tutorial I was following is doing this and it shows the Drupal admin with a path alias of just / for his homepage. I contacted that developer and he said he doesn't remember how he was able to get that to happen and doesn't remember needing to do anything specific to allow for that. I am using Docksal for my local site and I also have a Pantheon site running the same codebase and database and I can't set it in either of those sites. I am running the latest version of D9 (9.3.9). Can anyone think of a reason I cannot do this? I'm wondering if I need to create a custom module to make this happen or something? Or if I just need to apply some kind of Drupal core patch?

Categories: World News

A Closer Look at the LAPSUS$ Data Extortion Group

feedspot - Thu, 03/24/2022 - 03:59

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.

First surfacing in December 2021 with an extortion demand on Brazil’s Ministry of Health, LAPSUS$ made headlines more recently for posting screenshots of internal tools tied to a number of major corporations, including NVIDIA, Samsung, and Vodafone.

On Tuesday, LAPSUS$ announced via its Telegram channel it was releasing source code stolen from Microsoft. In a blog post published Mar. 22, Microsoft said it interrupted the LAPSUS$ group’s source code download before it could finish, and that it was able to do so because LAPSUS$ publicly discussed their illicit access on their Telegram channel before the download could complete.

One of the LAPSUS$ group members admitted on their Telegram channel that the Microsoft source code download had been interrupted.

“This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact,” Microsoft wrote. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”

While it may be tempting to dismiss LAPSUS$ as an immature and fame-seeking group, their tactics should make anyone in charge of corporate security sit up and take notice. Microsoft says LAPSUS$ — which it boringly calls “DEV-0537” — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.

“Microsoft found instances where the group successfully gained access to target organizations through recruited employees (or employees of their suppliers or business partners),” Microsoft wrote. The post continues:

“DEV-0537 advertised that they wanted to buy credentials for their targets to entice employees or contractors to take part in its operation. For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system. Such a tactic was just one of the ways DEV-0537 took advantage of the security access and business relationships their target organizations have with their service providers and supply chains.”

The LAPSUS$ Telegram channel has grown to more than 45,000 subscribers, and Microsoft points to an ad that LAPSUS$ posted there offering to recruit insiders at major mobile phone providers, large software and gaming companies, hosting firms and call centers.

Sources tell KrebsOnSecurity that LAPSUS$ has been recruiting insiders via multiple social media platforms since at least November 2021. One of the core LAPSUS$ members who used the nicknames “Oklaqq” and “WhiteDoxbin” posted recruitment messages to Reddit last year, offering employees at AT&T, T-Mobile and Verizon up to $20,000 a week to perform “inside jobs.”

LAPSUS$ leader Oklaqq a.k.a. “WhiteDoxbin” offering to pay $20,000 a week to corrupt employees at major mobile providers.

Many of LAPSUS$’s recruitment ads are written in both English and Portuguese. According to cyber intelligence firm Flashpoint, the bulk of the group’s victims (15 of them) have been in Latin America and Portugal.

“LAPSUS$ currently does not operate a clearnet or darknet leak site or traditional social media accounts—it operates solely via Telegram and email,” Flashpoint wrote in an analysis of the group. “LAPSUS$ appears to be highly sophisticated, carrying out increasingly high-profile data breaches. The group has claimed it is not state-sponsored. The individuals behind the group are likely experienced and have demonstrated in-depth technical knowledge and abilities.”

Microsoft said LAPSUS$ has been known to target the personal email accounts of employees at organizations they wish to hack, knowing that most employees these days use some sort of VPN to remotely access their employer’s network.

“In some cases, [LAPSUS$] first targeted and compromised an individual’s personal or private (non-work-related) accounts giving them access to then look for additional credentials that could be used to gain access to corporate systems,” Microsoft wrote. “Given that employees typically use these personal accounts or numbers as their second-factor authentication or password recovery, the group would often use this access to reset passwords and complete account recovery actions.”

In other cases, Microsoft said, LAPSUS$ has been seen calling a target organization’s help desk and attempting to convince support personnel to reset a privileged account’s credentials.

“The group used the previously gathered information (for example, profile pictures) and had a native-English-sounding caller speak with the help desk personnel to enhance their social engineering lure,” Microsoft explained. “Observed actions have included DEV-0537 answering common recovery prompts such as “first street you lived on” or “mother’s maiden name” to convince help desk personnel of authenticity. Since many organizations outsource their help desk support, this tactic attempts to exploit those supply chain relationships, especially where organizations give their help desk personnel the ability to elevate privileges.”

LAPSUS$ recruiting insiders via its Telegram channel.

SIM-SWAPPING PAST SECURITY

Microsoft said LAPSUS$ also has used “SIM swapping” to gain access to key accounts at target organizations. In a fraudulent SIM swap, the attackers bribe or trick mobile company employees into transferring a target’s mobile phone number to their device. From there, the attackers can intercept any one-time passwords sent to the victim via SMS or phone call. They can also then reset the password for any online account that allows password resets via a link sent over SMS.

“Their tactics include phone-based social engineering; SIM-swapping to facilitate account takeover; accessing personal email accounts of employees at target organizations; paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval; and intruding in the ongoing crisis-communication calls of their targets,” Microsoft wrote.

Allison Nixon is chief research officer at Unit 221B, a cybersecurity consultancy based in New York that closely tracks cybercriminals involved in SIM-swapping. Working with researchers at security firm Palo Alto Networks, Nixon has been tracking individual members of LAPSUS$ prior to their forming the group, and says the social engineering techniques adopted by the group have long been abused to target employees and contractors working for the major mobile phone companies.

“LAPSUS$ may be the first to make it extremely obvious to the rest of the world that there are a lot of soft targets that are not telcos,” Nixon said. “The world is full of targets that are not used to being targeted this way.”

Microsoft says LAPSUS$ also has been known to gain access to victim organizations by deploying the “Redline” password-stealing malware, searching public code repositories for exposed passwords, and purchasing credentials and session tokens from criminal forums.

That last bit is interesting because Nixon said it appears at least one member of LAPSUS$ also was involved in the intrusion at game maker Electronic Arts (EA) last year, in which extortionists demanded payment in exchange for a promise not to publish 780 GB worth of source code. In an interview with Motherboard, the hackers claimed to have gained access to EA’s data after purchasing authentication cookies for an EA Slack channel from a dark web marketplace called Genesis.

“The hackers said they used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then trick an EA IT support staffer into granting them access to the company’s internal network,” wrote Catalin Cimpanu for The Record.

Why is Nixon convinced LAPSUS$ was behind the EA attack? The “WhiteDoxbin/Oklaqq” identity referenced in the first insider recruitment screenshot above appears to be the group’s leader, and it has used multiple nicknames across many Telegram channels. However, Telegram lumps all aliases for an account into the same Telegram ID number.

Back in May 2021, WhiteDoxbin’s Telegram ID was used to create an account on a Telegram-based service for launching distributed denial-of-service (DDoS) attacks, where they introduced themself as “@breachbase.” News of EA’s hack last year was first posted to the cybercriminal underground by the user “Breachbase” on the English-language hacker community RaidForums, which was recently seized by the FBI.

WHO IS LAPSUS$?

Nixon said WhiteDoxbin — LAPSUS$’s apparent ringleader — is the same individual who last year purchased the Doxbin, a long-running, text-based website where anyone can post the personal information of a target, or find personal data on hundreds of thousands who have already been “doxed.”

Apparently, Doxbin’s new owner failed to keep the site functioning smoothly, because top Doxbin members had no problems telling WhiteDoxbin how unhappy they were with his stewardship.

“He wasn’t a good administrator, and couldn’t keep the website running properly,” Nixon said. “The Doxbin community was pretty upset, so they started targeting him and harassing him.”

Nixon said that in January 2022, WhiteDoxbin reluctantly agreed to relinquish control over Doxbin, selling the forum back to its previous owner at a considerable loss. However, just before giving up the forum, WhiteDoxbin leaked the entire Doxbin data set (including private doxes that had remain unpublished on the site as drafts) to the public via Telegram.

The Doxbin community responded ferociously, posting on WhiteDoxbin perhaps the most thorough dox the community had ever produced, including videos supposedly shot at night outside his home in the United Kingdom.

According to the denizens of Doxbin, WhiteDoxbin started out in the business of buying and selling zero-day vulnerabilities, security flaws in popular software and hardware that even the makers of those products don’t yet know about.

“[He] slowly began making money to further expand his exploit collection,” reads his Doxbin entry. “After a few years his net worth accumulated to well over 300BTC (close to $14 mil).”

WhiteDoxbin’s Breachbase identity on RaidForums at one point in 2020 said they had a budget of $1 million in bitcoin with which to buy zero-day flaws in Github, Gitlab, Twitter, Snapchat, Cisco VPN, Pulse VPN and other remote access or collaboration tools.

“My budget is $100000 in BTC,” Breachbase told Raidforums in October 2020. “Person who directs me to someone will get $10000 BTC. Reply to thread if you know anyone or anywhere selling this stuff. NOTE: The 0day must have high/critical impact.”

KrebsOnSecurity is not publishing WhiteDoxbin’s alleged real name because he is a minor (currently aged 17), and because this person has not officially been accused of a crime. Also, the Doxbin entry for this individual includes personal information on his family members.

Nixon said that prior to launching LAPSUS$, WhiteDoxbin was a founding member of a cybercriminal group calling itself the “Recursion Team.” According to the group’s now-defunct website, they mostly specialized in SIM swapping targets of interest and participating in “swatting” attacks, wherein fake bomb threats, hostage situations and other violent scenarios are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

“The team is made up of Cyber-enthusiasts who major in skills including security penetration, software development, and botting,” reads the now-defunct Recursion Team website. “We plan to have a bright future, and we hope you do too!”

Categories: World News

Portfolio question

feedspot - Thu, 03/24/2022 - 03:58

Is it okay to link to your Adobe/figma files where your projects live? I don’t have any live sites (that I’m proud of)

I’ve seen somebody do this and really liked the idea. On top of showing off your design skills, it gives people insight into how you organize your work, and shows your proficiency in the softwares you will be using day to day.

submitted by /u/CritcizeMe
[visit reddit] [comments]
Categories: World News

Просто хороший хостинг