Los expertos han advertido que los piratas informáticos han logrado robar información confidencial de sistemas cerrados pertenecientes a varios gobiernos europeos al menos en tres ocasiones distintas.
Nuevo informe de ESET. Explicó cómo el actor de amenazas, llamado GoldenJackal, es un sofisticado grupo de ciberespionaje conocido por atacar a gobiernos del sur de Asia y Europa durante los últimos cinco años.
Los sistemas de espacio de aire parecen ser su especialidad interna, apuntándolos con unidades USB. La afiliación de GoldenJackal aún no está clara, pero se sospecha que es un grupo patrocinado por el estado, probablemente de Europa del Este o Asia. Un sistema de antena es una computadora o dispositivo de red que está físicamente aislado de redes no seguras, como Internet, para evitar el acceso no autorizado y mejorar la seguridad. Sin embargo, los estafadores pudieron robar datos de estos puntos finales mediante la autoimplementación. malware.
chacal dorado
De acuerdo a pitidocomputadoraHasta ahora, se ha observado que GoldenJackal atacó la embajada de un país del sur de Asia en Bielorrusia en dos ocasiones: una en septiembre de 2019 y otra en julio de 2021. También se observó que perseguía a una organización gubernamental europea entre mayo de 2022 y marzo de 2024.
El ataque comienza con una unidad USB infectada con malware. Vale la pena señalar que el grupo ha creado múltiples variantes para diferentes víctimas, lo que, para los expertos de ESET, es un testimonio del ingenio del grupo. En algunos casos se utilizó un malware llamado GoldenDealer y en otros, GoldenAce.
Este malware tiene la tarea de copiarse a sí mismo, junto con otro malware, en dispositivos sellados al aire, una vez que se conecta una unidad USB. Otro malware incluye una puerta trasera llamada GoldenHowl y una herramienta de robo de información llamada GoldenRobo (o GoldenUsbCopy y GoldenUsbGo, respectivamente). . La tarea de este último es copiar documentos, imágenes, claves de cifrado, archivos de configuración de OpenVPN y otros datos importantes a un directorio oculto en una unidad USB.
Luego, cuando vuelves a conectar la unidad USB a un dispositivo conectado a Internet, el malware envía todo lo que robó al servidor C2.
Suscríbase al boletín TechRadar Pro para recibir las principales noticias, opiniones, características y orientación que su empresa necesita para tener éxito.
Regardless of what you need, there is an app for that. In fact, there are 1.81 million apps on Apple’s App Store in 2024, according to Business of Apps. This growing trend has spread from our pockets to our businesses with more adoption of Software as a Service (SaaS) and cloud computing. The average company has 371 SaaS applications, while IDC found companies spent $315.5 billion on public cloud services during the first half of 2023.
All of this software and all of these applications are made by humans, and people, notoriously, make mistakes. Mistakes in software development increase the likelihood of attacks, which leads to security incidents. Multiply these risks by the size of your tech stack, and keeping your environment secure seems nearly impossible.
Identify problems early
To ease some of the risk and security burden, find the issues earlier in the software development process. This is called a “shift-left” concept as it involves running security scans and reviews earlier in the software development life cycle (SDLC). Scanning software in the continuous integration/continuous deployment (CI/CD) pipeline flags problems that need attention before they become vulnerable to attackers. By finding bugs, misconfigurations, or vulnerabilities earlier, you can also fix them sooner and at a lower cost than when those same issues are running in production applications or are part of software that is deployed to thousands or millions of real-world assets.
Though the concept of shift-left security has been discussed as a best practice for the past few years, it does not appear to be well implemented. Data from the Sysdig 2024 Cloud-Native Security and Usage Report found that scans on production systems failed more often than those in the CI/CD build pipeline. The report identified 91% of production scan policy failures, while CI/CD scans failed at 71%. CI/CD scans take place before production runtime scans, so any failures captured in the CI/CD build pipeline should be corrected before they are scanned in runtime. So why are we seeing such a high failure rate during runtime if the shift-left concept is the best practice?
Crystal Morin
Cybersecurity Strategist, Sysdig.
Making changes to your processes
First and foremost, improving collaboration between teams rather than just addressing security requirements alone will almost always prove to be more effective and sustainable. In the eyes of a developer, shift-left requires added responsibilities for fixes and changes without additional assistance. For them, shifting left may look more like a workload increase than a change in approach that can reduce security risks.
To overcome this hurdle and make shift-left processes work, security personnel must understand how their developer colleagues actually work in practice. Do the applications they build follow traditional design principles, are they cloud-native applications built to be distributed, immutable, and ephemeral (DIE), or is there a combination of builds in transition from traditional to cloud-native?
By better understanding how complex their environments and application builds are at the core, security teams can help developers navigate what risks exist in their applications and how to prioritize and mitigate the biggest threats before they’re realized in production. This should include determining how significant the risk is to your organization and environment, and what steps are required to mitigate the risk. This process ensures that developers can focus on any changes they have to make where they are needed the most, such as exploitable critical vulnerabilities or misconfigurations.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Similarly, security teams and their tools can also flag where wasted components or permissions might be included in standard container images. Developers often use software containers or machine images as standardized templates for deployment. If those templates contain out-of-date components, however, every use of that template will be flagged as an additional security risk. Updating developer workload templates will reduce the number of security alerts and risks and minimize repetitive work efforts.
Improve security before production
Ideally, software containers are meant to be immutable. This means that a workload does not change during runtime. Container drift, or modification and updates made to a container while in production, often triggers security alerts but is common practice for developers. If developers restrain themselves from workload modifications during runtime (drift control), security teams can have more sensitive and higher fidelity detections set for container drift, indicating potentially malicious activity instead of development noise.
Runtime scans are more accurate in highlighting security issues that are active in a production environment. These scans keep the security issues closer to the security team rather than passing off security problems to developers. Problems that exist in production environments have the potential to negatively impact business operations.
Long-term security gains
We all rely on software and applications in our daily lives and our organizations. This software must be kept secure. We can improve its security by shifting left and keeping to the “secure-by-design” mantra. Software and applications that are built securely have less attack risk and will cause fewer policy scan failures, reducing the security burden on both security and developer teams.
In practice, security teams need to work with developers to indicate where those potential risks exist and how they can be removed. At the same time, developers can educate security teams and collaborate with them to stop issues from getting into code or infrastructure components. This teamwork, and sharing common goals, will improve overall software quality and security across entire organizations.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Well, if weight here is being used as a proxy for sex or gender, a larger woman would need the higher dose; a smaller man a lower dose. So why would you just not use weight as the measure for what dose a person should get? That would be a much more effective way of deciding. But because we collect data along certain lines and not others, then guidelines get written along certain lines and not others.
To give another example, sometimes women’s pain is not fully appreciated when they come forward. Women are statistically more likely to go to a doctor when in pain compared to a man. But then common myths and assumptions start to emerge: “It’s not that serious.” “She’s being hysterical.”
So there are lots of things to pick apart here. It’s the picking apart that we often don’t bother with. We just see a difference, and then that gets ascribed to something without us really knowing what the root cause is.
So how can we get better at picking apart sex differences and sexism to reduce the gender health gap?
For me, it’s about taking medicine to the next level of investigation, which is at the level of the social determinants of health. Many of the things that kill most of us have a huge social or environmental component. Things like diet, stress, the way that we are treated in society.
It’s only relatively recently that research started to be done into the impact of sexism and racism on health, and the impact of other social factors. The job that you do, your status as a married person or not, these can also have health outcomes.
So there’s all these little pieces where research is needed, and it’s an ongoing project. It’s not as though you’ll only do a study once into the effects of being married or being a stay-at-home wife on your health. Because those social factors are always changing.
Sex and gender is an aspect of this social story. But it’s important to understand where it can be appropriately invoked. Sometimes gender is relevant, sometimes it’s not. Sometimes sex matters, sometimes it doesn’t.
What’s standing in the way of things getting better?
Well, research funding agencies are much more interested in looking inside our bodies for explanations for why things are as they are. The outside world is much more difficult to study, because social circumstances are always changing. They can be very different between households, even within households. It’s much harder to collect data on social circumstances.
But we’re at the stage where we can learn so much from people’s mobile phones tracking their activity. Data is being collected on what people are eating, their movements, how active they are. Eventually we’ll be able to build personalized pictures of people, and stop generalizing about people in groups and assuming that they’re typical of that group, and then understand them as a complex individual.
Who is making progress on understanding and closing the gender health gap?
Sarah Richardson’s team at Harvard University—she runs the GenderSci Lab—has done incredible work breaking down the causes of gender health disparities. They’re getting medical researchers to think very carefully about the context of the conditions that they’re investigating.
The team did brilliant work during the pandemic. At the beginning there were all these very wild claims about gender differences with the virus—for instance, that women were protected because on average they have a stronger immune system. They showed that if you looked at the data this didn’t really hold up. They helped dispel this very pseudoscientific assumption that the virus was hitting all populations uniformly, and helped end the neglect of demographic patterns as a factor in Covid, the kind of jobs that people were doing, who were frontline workers, and so on.
This work around sex contextualism, as Richardson calls it, is a really compelling model for how to think about sex and gender in research.
Hear Angela Saini speak at the 10th anniversary of WIRED Health on March 19 at Kings Place, London. Get tickets at health.wired.com.
As technology changes how different generations interact and learn, digital connections are bridging the generational gap. The way that people interact across generations has been transformed by social media, video chat applications, and online forums. This article examines how technology affects the transition between generations, providing insightful analysis and useful advice.
Key Takeaways
Social media platforms let users of all ages interact and share experiences.
Apps for video chat allow for in-person conversations and cross-generational learning.
Online communities bring people together who have similar interests, promoting interactions between generations.
To fully benefit from technology, older individuals must embrace it and be taught digital literacy.
Digital connections enable older people to access information, social engagement, entertainment, health monitoring, and personal development.
Influence of Social Media
Social media platforms bring people of all ages together and promote relationships, hobbies, and information sharing. Here are some fascinating statistics about the generational divide and social media:
A Pew Research Center research found that 72% of those 50 to 64 and 43% of people 65 and older use social media often.
Social media has given grandparents a new way to interact with their grandkids, stay updated on their lives, and share memories.
Seniors may use social media sites like Facebook and Instagram as digital scrapbooks to tell their life stories to younger generations.
Using Video Chat Applications
Intergenerational communication has been transformed by video chat applications, which allow face-to-face encounters regardless of distance. Here are some intriguing examples of how generational gaps are being closed via video chat apps:
Even if they are separated by a great distance, grandparents may now use video chats to give bedtime tales to their grandkids.
Grandchildren who are computer-savvy are providing older elders with tech help via video chat applications, fostering a reciprocal learning experience.
Families that are geographically separated may virtually gather to celebrate key occasions while sharing meals and making priceless memories.
Communities Online for All Ages
Online communities have emerged as a shelter for intergenerational relationships, enabling individuals of all ages to interact around common interests. Take a look at these amazing characteristics of internet communities:
People of various ages may connect on websites and forums devoted to hobbies like gardening or photography to share expertise, advice, and tales.
Because they are more digitally savvy, younger generations can help elderly people.
Intergenerational communication and connection are fostered via online support groups.
The probate procedure in Arizona involves the distribution of assets and settlement of obligations after a person’s passing. It includes submitting required paperwork to the probate court, valuing the deceased’s possessions, notifying and paying creditors, and distributing leftover assets to recipients. To ensure a successful probate process and compliance with legal requirements, consulting an experienced attorney, who is familiar with the procedure and the Arizona Long Term Care System, is crucial. They can provide guidance and support in navigating the complexities of probate, ensuring a fair distribution of assets according to the deceased’s wishes or applicable laws.
The Advantages of Digital Connectivity for Seniors
Older individuals now have many advantages thanks to technology, which has improved their quality of life and given them newfound authority. The following are some major benefits of digital connectivity for elderly people:
Access to knowledge: Older individuals have access to a lot of knowledge thanks to the internet. They can pursue lifelong learning, discover new interests, keep up with current affairs, and investigate matters pertaining to their health.
Social Interaction: Seniors may fight social isolation by maintaining contact with friends, family, and communities thanks to digital links. Online forums and social media sites offer opportunities for deep conversations and a sense of community.
Recreation and entertainment: Older folks have a variety of entertainment alternatives, including virtual tours, internet games, and streaming services. They are able to watch their preferred films, play games, visit virtual museums, and interact with people who have similar interests.
Health surveillance: Older individuals may now measure their vital signs, manage their prescription regimens, and use telehealth services from the comfort of their homes thanks to a variety of health monitoring gadgets and applications that technology has developed.
Personal Growth: Older folks can continue their education and develop new abilities through online courses, tutorials, and educational platforms. They can discover new hobbies, pick up information, and take advantage of chances for personal development.
Older folks may live more connected, informed, and satisfying lives by embracing technology and digital relationships.
Final Thoughts
Communication across generations has been transformed by technology, closing the generation gap like never before. By giving them access to information, entertainment, and possibilities for personal development through mediums like social media, video chat applications, and online groups, it has empowered older individuals. It is essential to promote older people’s digital literacy if they are to fully benefit from these developments. Recognizing that technology enhances but does not replace in-person contacts, it is crucial to strike a balance between online and offline encounters. We can encourage intergenerational understanding and build a more connected and inclusive society by appreciating the many viewpoints and experiences that exist throughout the generations.
Employee safety is a crucial aspect of any workplace. While most employers provide a safe environment to work in, some accidents can happen that are not preventable. As an employer, having a policy protects you if your employee is injured at work and decides to sue you. The stop gap employer’s liability coverage comes in handy in such situations. Let’s understand the meaning of stop gap employer’s liability coverage before we get into its importance.
What Is Stop Gap Employers Liability Coverage?
Stop gap employers liability coverage is a policy designed to help if your employee gets a work-related injury or illness and sues you. Its design helps fill the gaps in traditional workers’ coverage and provides you, the employer, additional protection. Stop gap employers liability coverage is required in monopolistic states where workers’ compensation policies don’t include employers liability insurance. This policy can help pay for medical expenses, lost wages, and other related expenses. If you, as the employer, don’t have stop gap employer’s liability coverage, you will pay for these expenses out of your pocket.
The Importance of Stop Gap Employers Liability Coverage
Now that you understand the stop gap employer’s liability coverage, let’s look at the importance of this type of insurance.
Protection from Employee Lawsuits
Generally, a worker’s compensation policy prevents your employee from suing you for workplace injuries. However, you may not be fully insulated from lawsuits from these employees. That’s where a stop gap employer’s liability coverage comes in, providing an extra layer of protection when an employee sues you.
Coverage for Out-of-State Operations
Does your business operate in multiple states? If yes, it’s important to note that workers compensation laws may vary. A stop gap employer’s liability coverage ensures you’re well protected regardless of the state your employee is working in.
Filling Gaps in Workers’ Compensation
As mentioned earlier, stop gap employer liability coverage can help bridge gaps in workers compensation insurance. This ensures your employees receive the necessary compensation for any injuries or illnesses arising from the working environment.
Coverage for Temporary Employees
The stop gap employers liability coverage is important if you frequently hire temporary or contract workers. It not only ensures the workers are fully covered but also protects you against lawsuits from them in the event of injuries sustained at the workplace.
You Can Have Peace of Mind
As an employer, you’re responsible for ensuring your employees work in a safe environment. It’s also vital to keep measures for full compensation in place if they ever sustain work-related injuries. The stop gap employer liability coverage gives you peace of mind knowing your employees are covered. You’ll also not have to worry about legal cases that can arise from not having this insurance in place.
Take Away
Stop gap employer liability coverage is important for any business owner, as it protects you against lawsuits from employees and fills gaps in workers compensation. It also covers temporary employees and protects your financial stability. As a result, you can have peace of mind and concentrate on one crucial task: running your business.