surveillance security cameras: October 2023

Tuesday, October 31, 2023

Evil Week: Keep Your Snacks Out of Your Family's Filthy Paws

Welcome to Evil Week, our annual dive into all the slightly sketchy hacks we’d usually refrain from recommending. Want to weasel your way into free drinks, play elaborate mind games, or, er, launder some money? We’ve got all the info you need to be successfully unsavory.

Halloween gives everyone the excuse to demolish some candy. Adults without kids, like myself, feel encouraged to celebrate with a bag of their favorite candy. Turns out, the other people in your household like it as well, and for some reason they’re bold enough to eat it, or ask for it. This brings a greater, year-long problem to light: how everyone in your house creeps on your personal snacks. Enough! In the name of keeping your hard-earned, comforting, sanity-giving snacks safe, you must deceive your household.

Keep your enemies close

Whether it’s your significant other, young children, teenagers, or roommates, the folks in your house always want what you have. You can even buy them their own snacks, and without fail, their wandering eyes will fall upon your precious goodies. The most effective way to trick them into leaving your snacks alone lies in first being a good observer.

Know their palate

Everyone has flavor preferences: ingredients and spices they love and abhor. If you’re really lucky, they’ll have dietary restrictions or allergies. Capitalize on this knowledge. Either buy the snacks that actually have ingredients or flavors they don’t like or can’t eat, or lie about it. If your nephew has a nut allergy and asks what you’re eating, just woefully tell him it contains nuts, or was made in a factory that processes nuts. Sorry, kiddo.

Folks that are spicy-food avoiders are easy to trick, too. My boyfriend hates spicy food and dairy, so any savory food I don’t want to share is “really spicy, wow.” Sweet treats are definitely packed with cream. Heavy cream. The heaviest. Keep your ears open for any time your family or roommates talk about foods they don’t like, or flavors that gross them out. Then, use this knowledge to help yourself.

Hide and sneak

Sometimes your snacks will get snatched before you even get a chance to lie about them. You’ll need to hide your snacks.

Once you’ve lived with someone for a while—let’s say more than six months—you’ll begin to see their patterns in the house. Where they go a lot, sometimes, and never. It doesn’t have to be an entire room that they avoid; it can be a small drawer, maybe an obscure cabinet, or box. This is where you hide your snacks. Maybe your significant other doesn’t like to squat down. You should store your snacks in the back of the low cabinets in your home. You might see that your kids never go into the pots and pans drawers, or your brother never opens the liquor cabinet. Stash your snacks there. And please, never get your snacks from this secret place when others are in the room.

Play dress up

Maybe you’re in a small space, or your household is especially devoid of hiding spots and you can’t find a good hidden snack zone. It’s time to put your snacks in costume. Hide your snacks inside of alternative packaging. Put the Doritos inside the bag of the cauliflower chips your kids hate. You can basically eat those in plain sight because they won’t mess with those gross chips. The only lady in the house? Keep your peanut butter M&Ms in a box of tampons. Tuck the dark chocolate peanut butter cups into an emptied edamame bag in the freezer.

If you can, use multiple techniques all at once. That way if you get caught, you can laugh it off like it was a one-time thing and rely on your other secrets. When enough time has passed, definitely go ahead and use all of your methods in tandem again.

from Lifehacker https://ift.tt/VXRBWQH

LogRhythm collaborates with D3 Security to help security teams identify behavioral anomalies

LogRhythm announced its partnership with D3 Security. This partnership brings together LogRhythm Axon SIEM and D3 Smart SOAR’s incident enrichment and response capabilities, providing security teams with a powerful, integrated solution to streamline their security operations.

As cybersecurity threats continue to evolve and multiply, it is imperative that organizations have the tools and capabilities to respond effectively,” said Andrew Hollister, CISO of LogRhythm. “Our partnership with D3 Security represents a significant step forward in empowering security teams to navigate the complexities of today’s threat landscape with confidence. By combining LogRhythm Axon SIEM with D3 Smart SOAR’s automation and orchestration capabilities, we are enabling security professionals to focus on what matters most: protecting their organizations.”

LogRhythm Axon SIEM, a cloud-native platform, seamlessly integrates with D3 Smart SOAR, enabling the management of alert queues, automated response actions, and content within the Smart SOAR platform. This integration allows for the orchestration of automated response playbooks across LogRhythm Axon SIEM and many other tools. Key benefits of this partnership include:

Rapid cross-stack response: LogRhythm Axon SIEM alerts can trigger automated response actions orchestrated by D3 Smart SOAR, ensuring rapid incident resolutions.
Automated alert triage and enrichment: Incident response workflows are automated, removing repetitive manual tasks like data enrichment and correlation.
Centralized management: Managed security service providers (MSSPs) can efficiently oversee multiple customer instances of LogRhythm Axon SIEM from a single interface within D3 Smart SOAR, eliminating the need to switch between multiple screens.

The partnership also assists with content management for MSSPs across multiple LogRhythm Axon SIEM tenants within the D3 Smart SOAR platform. Instead of managing content individually, users can utilize playbooks to automate the ingestion and deployment of configurations such as analytic rules, searches, dashboards, and reports.

Additionally, health monitoring can be seamlessly integrated into this workflow, automating the process of generating a case in LogRhythm Axon SIEM if a collected log source was not received. This workflow specifically ingests logs related to various technologies, including firewalls and endpoints, and ensures that the ingestion process is functioning correctly.

“Cybersecurity professionals face the challenge of rapidly detecting, mitigating, and responding to threats while navigating a complex and diverse array of information and technology tools,” said Amardeep Dhingra, Director – Strategic Alliances at D3 Security. “That is why LogRhythm and D3 Security are united in their mission to help organizations worldwide enhance visibility and defend against modern cyber threats. This integration of D3 Smart SOAR with LogRhythm Axon SIEM brings unparalleled efficiency to security teams, freeing them from mundane tasks and enabling them to focus on high-priority threats.”

from Help Net Security https://ift.tt/eVvPBfr

Monday, October 30, 2023

All the Stuff in Your Home You Should Be Testing for Voltage

If you’ve ever experienced even a mild electrical shock, you know how powerful—and frightening—it can be. There are more than 50,000 electrical fires in the U.S. every year, and close to 400 people are electrocuted annually. Even if getting a dose of voltage doesn’t kill you, it’s not a pleasant experience, and being shocked can cause injuries or even death in other ways—by knocking you off a ladder, for example.

Most experienced homeowners know better than to mess with any sort of electricity without turning off the appropriate circuit breaker (or main), or to simply call a licensed electrician instead of trying to DIY a project that can burn your house down, kill you, or both. But electricity is a funny thing—if it finds a circuit it can flow through, it will. This means you can occasionally discover a painful (or even lethal) amount of voltage in unexpected places. Here’s the stuff in your home you should occasionally test using a volt meter or multimeter to ensure they’re not filled with deadly electrical current.

Outlets, switches, appliances

Let’s start with the obvious stuff. The outlets in your walls are designed to deliver electricity, so it shouldn’t be surprising if they’re hot. But they should also be supplying the expected voltage (110 to 120 volts), and they should be properly grounded to prevent accidents and injury. Light switches should also be tested once a year or so to ensure that frayed wiring isn’t delivering voltage to the plate.

Your lamps and appliances can also deliver a shock if grounding wires become detached or frayed insulation brings wiring into contact with the metal shell. If you use your appliances regularly, you can probably assume they’re not sizzling death traps. But if you have appliances you don’t come into contact with on a regular basis—that old fridge in the garage, or a sump pump in the crawl space—an occasional test to make sure they’re not conducting is a good idea.

Gutters

It is surprisingly not uncommon for the metal gutters on your house to start delivering potentially deadly levels of voltage. This is most often the result of a fastener screw or nail piercing a wire behind the facade of the house or under the roof, but can also be caused by incidental contact with power lines somewhere out of sight. Checking your gutters for electrical current before you clean them out or do any other work around them is a very good idea.

Ladders

If you have a metal ladder, you should do a quick test with a volt meter or multimeter after you deploy it outside the home. Ladders can come into contact with power lines, and if other parts of the house—those gutters, for instance—are hot, a metal ladder that touches them can bring the party to you. Better to take five seconds to test it in order to avoid being that kid from Jurassic Park.

Electrical panel

Whenever there’s a problem with the electricity in your house, whether it’s a power loss or a repair that requires the juice to be cut off, you head for the electrical panel to turn off the main or the appropriate breaker. The metal housing that surrounds your panel is there to protect you, but if the panel is not in great shape it can become electrified and deliver a potentially dangerous shock. If you’re having an electrical issue, take a second to test the panel enclosure before you touch it.

Water pipes

If you have older metal water pipes, contact with a hot wire somewhere in the basement or crawl space (or in the walls) can turn them into an exciting trip to the emergency room. Testing the pipes in your home once a year to ensure this hasn’t happened can save you a lot of trouble—and a lot of pain.

Chances are you won’t have any problems with your house becoming an electrified death trap—but considering that multimeters and other electrical testing devices aren’t too expensive, doing a quick test of your home once a year or before any DIY project is well worth it.

from Lifehacker https://ift.tt/zJ0mkxr

You Can Automatically (Temporarily) Disable Your Apple Music Listening History

Photo: sdx15 (Shutterstock)

If multiple people in your household use your Apple Music account, chances are your recommendations are all messed up. Since Apple Music’s algorithms use your listening history to suggest music you might like, other people can easily “corrupt” your history by bringing their preferences into your account.

Up to this point, Apple Music’s workaround was to switch off listening history on each device. On your iPhone or iPad, head to Settings > Music and disable Use Listening History, and on other platforms, head to the in-app settings for Music or Apple Music. For your HomePod, you can use the Home app to stop listening history.

This comes with its own problems. If you disable listening history, Apple Music stops recording play counts; its recommendations go haywire as it has no data to refer to; and your Apple Music Replay year-end playlists are affected. You’ll have to remember to re-enable listening history each time to avoid messing up this data. It’s not ideal.

How to automatically disable Apple Music listening history

Luckily, there’s now a way to automate this process. In iOS 17.2, currently in beta testing, there’s a new feature that lets you stop logging listening history when you activate a specific Focus. Better yet, since you can set up a Focus to automatically trigger based on a given situation, you can rest easy knowing listening history will toggle on and off when you want it to. If you play classical music or instrumental tracks to fall asleep to, but don’t want them recorded in your listening history, your Sleep Focus can take care of that.

Once you’ve updated to iOS 17.2, you can go to Settings > Focus, select any Focus, scroll down and tap Add Filter. Here, pick Apple Music and disable listening history. Once the Focus Mode is enabled, Apple Music will not remember listening history. The moment it’s disabled, the service will start tracking the songs you play once again.

from Lifehacker https://ift.tt/apfAYSz

Sunday, October 29, 2023

IoT’s convenience comes with cybersecurity challenges

The rapid proliferation of Internet of Things (IoT) devices has ushered in a new era of connectivity and convenience, transforming the way we live and work. However, this interconnectivity has also given rise to a host of cybersecurity challenges and vulnerabilities.

Protecting the vast and diverse array of IoT devices, from smart home appliances to industrial sensors, has become an imperative in safeguarding data, privacy, and critical infrastructure.

In this Help Net Security round-up, we present segments from previously recorded videos in which security experts discuss IoT cybersecurity and the pressing concerns it poses for businesses and individuals alike.

Complete videos

Paul Keely, Chief Cloud Officer at Open Systems, talks about how organizations that employ IoT technology have improved their business efficiency.
Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT.
J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023.

from Help Net Security https://ift.tt/UdDEswK

Today’s NYT Connections Hints (and Answer) for Monday, October 30, 2023

This one was half easy, half tricky for me; I got the first two groups in a HEARTBEAT and then nearly PANICked trying to figure out the rest. If you’re looking for the Connections answer for Monday, October 30, 2023, read on—I’ll share some clues, tips, and strategies, and finally the solutions to all four categories. Along the way, I’ll explain the meanings of the trickier words and we’ll learn how everything fits together. Beware, there are spoilers below for October 30, NYT Connections #141! Read on if you want some hints (and then the answer) to today’s Connections game.

If you want an easy way to come back to our Connections hints every day, bookmark this page. You can also find our past hints there as well, in case you want to know what you missed in a previous puzzle.

Below, I’ll give you some oblique hints at today’s Connections answers. And farther down the page, I’ll reveal the themes and the answers. Scroll slowly and take just the hints you need!

Does today’s Connections game require any special knowledge?

There’s a category here that’s based on a game. If you haven’t played that game, you might just need to figure out that category by the process of elimination.

Hints for the themes in today’s Connections puzzle

Here are some spoiler-free hints for the groupings in today’s Connections:

Yellow category - Let me try a holiday-appropriate hint: trick or tweet?
Green category - Quick!
Blue category - I’m not playing games with you here...
Purple category - Press it.

Does today’s Connections game involve any wordplay?

There’s a fill-in-the-blank for the purple category.

Ready to hear the answers? Keep scrolling if you want a little more help.

BEWARE: Spoilers follow for today’s Connections puzzle!

We’re about to give away some of the answers. Scroll slowly if you don’t want the whole thing spoiled. (The full solution is a bit further down.)

What are the ambiguous words in today’s Connections?

WING, WINK, and WIND are all in different categories today.
WING and TALON are parts of a flying creature, but it’s not a DRAGON.
The FLASH is a fast superhero, but today we’re using the word metaphorically.
You can SNOOZE in bed, but today you might want to think about the SNOOZE function on your alarm.

What are the categories in today’s Connections?

Yellow: BIRD FEATURES
Green: BLINK OF AN EYE
Blue: MAHJONG TILES
Purple: ____ BUTTON

DOUBLE BEWARE: THE SOLUTION IS BELOW

Ready to learn the answers to today’s Connections puzzle? I give them all away below.

What are the yellow words in today’s Connections?

The yellow grouping is considered to be the most straightforward. The theme for today’s yellow group is BIRD FEATURES and the words are: BEAK, FEATHER, TALON, WING.

What are the green words in today’s Connections?

The green grouping is supposed to be the second-easiest. The theme for today’s green category is BLINK OF AN EYE and the words are: FLASH, HEARTBEAT, SECOND, WINK.

What are the blue words in today’s Connections?

The blue grouping is the second-hardest. The theme for today’s blue category is MAHJONG TILES and the words are: BAMBOO, DRAGON, SEASON, WIND.

What are the purple words in today’s Connections?

The purple grouping is considered to be the hardest. The theme for today’s purple category is ____ BUTTON and the words are: BELLY, HOT, PANIC, SNOOZE.

How I solved today’s Connections

About half the words appeared to belong to flying creatures, with the DRAGONs and TALONs and all, but I boldly selected four as being birdlike: BEAK, FEATHER, TALON, WING. I was right. 🟨 (I normally do a little more due diligence. This definitely could have gone much more poorly.)

In a FLASH, in a WINK, in a SECOND, in a HEARTBEAT. Another set of gut feelings that panned out for me. 🟩

It took me a minute to get the next one. Why would PANIC be here? Why would BELLY be here? I thought about the SNOOZE button on an alarm clock and then I got it: HOT button rounded out the group. 🟪

The last one was a mystery to me. I have played mahjong, some digital at least, but don’t quiz me on the rules. BAMBOO, SEASON, DRAGON, and WIND are among the tiles. 🟦

Connections 
Puzzle #141
🟨🟨🟨🟨
🟩🟩🟩🟩
🟪🟪🟪🟪
🟦🟦🟦🟦

How to play Connections

I have a full guide to playing Connections, but here’s a refresher on the rules:

First, find the Connections game either on the New York Times website or in their Crossword app. You’ll see a game board with 16 tiles, each with one word or phrase. Your job is to select a group of four tiles that have something in common. Often they are all the same type of thing (for example: RAIN, SLEET, HAIL, and SNOW are all types of wet weather) but sometimes there is wordplay involved (for example, BUCKET, GUEST, TOP TEN, and WISH are all types of lists: bucket list, guest list, and so on).

Select four items and hit the Submit button. If you guessed correctly, the category and color will be revealed. (Yellow is easiest, followed by green, then blue, then purple.) If your guess was incorrect, you’ll get a chance to try again.

You win when you’ve correctly identified all four groups. But if you make four mistakes before you finish, the game ends and the answers are revealed.

How to win Connections

The most important thing to know to win Connections is that the groupings are designed to be tricky. Expect to see overlapping groups. For example, one puzzle seemed to include six breakfast foods: BACON, EGG, PANCAKE, OMELET, WAFFLE, and CEREAL. But BACON turned out to be part of a group of painters along with CLOSE, MUNCH, and WHISTLER, and EGG was in a group of things that come by the dozen (along with JUROR, ROSE, and MONTH). So don’t hit “submit” until you’ve confirmed that your group of four contains only those four things.

If you’re stuck, another strategy is to look at the words that seem to have no connection to the others. If all that comes to mind when you see WHISTLER is the painting nicknamed “Whistler’s Mother,” you might be on to something. When I solved that one, I ended up googling whether there was a painter named Close, because Close didn’t fit any of the obvious themes, either.

Another way to win when you’re stuck is, obviously, to read a few helpful hints–which is why we share these pointers every day. Check back tomorrow for the next puzzle!

from Lifehacker https://ift.tt/L2IHru6

How to Locate and Clean Your Washing Machine's Filter

You’re probably familiar with the lint trap on your dryer, and, ideally, clean it after every load of laundry. But did you know that your washing machine has a filter, too? If that’s news to you, that probably means yours has never been cleaned. But don’t worry: Once you know where to find it, it’s a pretty easy job. Here’s what to know.

How to find your washing machine’s filter

Before removing the filter, make sure your washing machine is turned off—with all knobs in the “off” position—and unplugged.

The most straightforward way to locate your washing machine’s filter is to check the owner’s manual. If you no longer have yours—or inherited the appliances from the previous owners when you purchased your home—you should be able to find it online.

How to find your owner’s manual online

Start by searching for the manufacturer + your washer’s model number—which is typically located on a sticker either inside the door, or on the back. If that doesn’t work, you can try looking it up on dedicated sites like Manualsonline.com or Manual Owl. In addition to showing you where the filter is located on your machine, the manual may also provide information on how—and how often—you should clean it.

How to find the filter based on the type of washer

Though every model is different, certain types of washing machines tend to have filters in the same spots:

Top-loading machines: In the center of the agitator (unscrew it), on the top rim of the washer tub (a screen you can pull out), or at the end of the drainage hose
Front-loading machines: Usually on the front of the appliance (though sometimes on the back) and concealed by a hatch
Newer, high-efficiency machines: These typically don’t have a filter

How to clean your washing machine’s filter

Have an empty bucket and some rags ready when you remove the filter, because it’s probably going to be full of gross water, wet lint, and who knows what else. Once the filter is out, remove anything left in the filter compartment—it might help to shine a flashlight inside the area for a better view.

Next, remove as much of the gunk and debris from the filter as you can, then thoroughly rinse it with clean, warm water. Use an old toothbrush, sponge, rag, and/or cotton swabs to clean any parts of the filter that are still dirty, using a solution of mild dish soap and warm water, or a solution of half water and half white vinegar. When the gunk is gone, rinse the filter in clean, warm water, then dry it with a lint-free cloth.

So the filter doesn’t get dirty again immediately, Barbara Costello, better known as “Brunch with Babs” on social media, suggests spraying the inside of the filter compartment with white vinegar and letting it dry before replacing the filter. She also recommends cleaning your washing machine’s filter four times a year. It may sound like a lot, but keep in mind that it’ll probably never be as gross as it was this first time.

from Lifehacker https://ift.tt/tqwM3Ox

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant.

1Password also affected by Okta Support System breach
Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach.

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)
The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers.

Quishing: Tricks to look out for
QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others.

Microsoft announces wider availability of AI-powered Security Copilot
Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program.

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)
VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software.

Apple news: iLeakage attack, MAC address leakage bug
A group of researchers has developed a side-channel attack exploiting Apple A-series or M-series CPUs’ speculative execution capability to extract sensitive information (such as autofilled passwords or Gmail inbox content) when a Safari user lands on a specially crafted webpage.

How passkeys are changing the face of authentication
As passwordless identity becomes mainstream, the term “passkey” is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them?

Navigating OT/IT convergence and securing ICS environments
In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint Security, discusses securing the control systems environment, as well as creating a cybersecurity roadmap.

Wazuh: Free and open-source XDR and SIEM
Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings.

Bracing for AI-enabled ransomware and cyber extortion attacks
As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use it to scale their operations, widen their profit margins, and increase their likelihood of pulling off successful attacks.

Strategies to overcome cybersecurity misconceptions
In this Help Net Security video, Kevin Kirkwood, Deputy CISO at LogRhythm, stresses that one of the most significant pitfalls is the assumption that their defenses are “good enough.”

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT
The reactive nature of cybersecurity has led to a reality in which boards and executive leaders attempt to mitigate risk by tasking security teams to avoid risk.

The primary pain points for SOC teams
Security professionals want to pursue high-impact work, but they’re being held back by growing workloads, shrinking budgets, and a worsening skills shortage, according to Tines.

OT cyber attacks proliferating despite growing cybersecurity spend
The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former).

Only a fraction of risk leaders are prepared for GenAI threats
While 93% of companies recognize the risks associated with using generative AI inside the enterprise, only 9% say they’re prepared to manage the threat, according to Riskonnect.

Raven: Open-source CI/CD pipeline security scanner
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs.

New infosec products of the week: October 27, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Darktrace, Data Theorem, Jumio, Malwarebytes, Progress, and Wazuh.

from Help Net Security https://ift.tt/Pml4CId

Saturday, October 28, 2023

Today’s NYT Connections Hints (and Answer) for Sunday, October 29, 2023

I STEWed over this one for a bit, but ultimately I was up to the CHALLENGE, and I’m sure you will be, too. If you’re looking for the Connections answer for Sunday, October 29, 2023, read on—I’ll share some clues, tips, and strategies, and finally the solutions to all four categories. Along the way, I’ll explain the meanings of the trickier words and we’ll learn how everything fits together. Beware, there are spoilers below for October 29, NYT Connections #140! Read on if you want some hints (and then the answer) to today’s Connections game.

Below, I’ll give you some oblique hints at today’s Connections answers. And farther down the page, I’ll reveal the themes and the answers. Scroll slowly and take just the hints you need!

Does today’s Connections game require any special knowledge?

If you’ve played a musical instrument, or if you’ve raised animals, you might pick up on some of these clues faster than the rest of us.

Hints for the themes in today’s Connections puzzle

Here are some spoiler-free hints for the groupings in today’s Connections:

Yellow category - A little bit of everything.
Green category - Up for a debate?
Blue category - Little ones.
Purple category - These can make beautiful music together.

Does today’s Connections game involve any wordplay?

Nope, all of the categories are pretty straightforward.

Ready to hear the answers? Keep scrolling if you want a little more help.

BEWARE: Spoilers follow for today’s Connections puzzle!

We’re about to give away some of the answers. Scroll slowly if you don’t want the whole thing spoiled. (The full solution is a bit further down.)

What are the ambiguous words in today’s Connections?

To FRET is to worry. A FRET is also one of those little lines on the NECK of a guitar.
Your FACE and BODY may seem like they go together, but today they do not.
A STEW can be a soup-like meal, or a verb meaning to fume with anger. Today’s meaning has more in common with the food than the emotion.
A CLUTCH can be the pedal in a stick-shift car (or the transmission machinery it operates). It’s also a word for a small handbag, or a band, or the word for a group of eggs laid at the same time.

Our Bullsnake had a MASSIVE Clutch of Eggs!

What are the categories in today’s Connections?

Yellow: MISHMASH
Green: GO UP AGAINST
Blue: GUITAR PARTS
Purple: GROUP OF OFFSPRING

DOUBLE BEWARE: THE SOLUTION IS BELOW

Ready to learn the answers to today’s Connections puzzle? I give them all away below.

What are the yellow words in today’s Connections?

The yellow grouping is considered to be the most straightforward. The theme for today’s yellow group is MISHMASH and the words are: HASH, JUMBLE, MEDLEY, STEW.

What are the green words in today’s Connections?

The green grouping is supposed to be the second-easiest. The theme for today’s green category is GO UP AGAINST and the words are: CHALLENGE, CONFRONT, FACE, OPPOSE.

What are the blue words in today’s Connections?

The blue grouping is the second-hardest. The theme for today’s blue category is GUITAR PARTS and the words are: BROOD, CLUTCH, HATCH, LITTER.

What are the purple words in today’s Connections?

The purple grouping is considered to be the hardest. The theme for today’s purple category is GROUP OF OFFSPRING and the words are: BODY, BRIDGE, FRET, NECK.

How I solved today’s Connections

I wanted BROOD, LITTER, and CLUTCH to refer to groups of baby animals (or, in the case of CLUTCH, eggs) but I didn’t have a fourth. I thought maybe HATCH counted, but I wasn’t sure. So rather than googling that immediately, I moved on.

Maybe STEW, FRET, and BROOD could be ways of sulking. I couldn’t complete that group, but I did finally see a grouping in CHALLENGE, CONFRONT, OPPOSE, and FACE. 🟩

Next up, I figured what BODY, FRET, and NECK are doing here: they are parts of a stringed instrument, like a guitar or a mandolin. BRIDGE (the part that holds the strings off the BODY) fits as well. 🟪

Next up, STEW, JUMBLE, MEDLEY, and HASH are all mixtures of disparate ingredients. 🟨 And finally I have my baby animals: BROOD, LITTER, CLUTCH, and, yes, HATCH. 🟦

Connections 
Puzzle #140
🟩🟩🟩🟩
🟪🟪🟪🟪
🟨🟨🟨🟨
🟦🟦🟦🟦

How to play Connections

I have a full guide to playing Connections, but here’s a refresher on the rules:

You win when you’ve correctly identified all four groups. But if you make four mistakes before you finish, the game ends and the answers are revealed.

How to win Connections

Another way to win when you’re stuck is, obviously, to read a few helpful hints–which is why we share these pointers every day. Check back tomorrow for the next puzzle!

from Lifehacker https://ift.tt/OTUD04R

Don't Assume a Brand New Car Has No Damage

Part of the process of shopping around for a used car is performing various inspections, including checking for damage. Consequently, part of the allure of buying a brand new car is, at least in theory, that you can skip that part, and don’t have to worry about anything being wrong with the vehicle. No previous owners means no existing problems, right?

Not always, unfortunately. Here’s why you shouldn’t assume that brand new cars are always damage-free.

How could a brand new car be damaged?

It’s important to remember that new cars don’t simply roll off the factory line and directly on to the lot of a car dealership. And that once they’re at the dealership, they’re not covered in bubble wrap and stored in a spacious, climate-controlled garage.

In reality, vehicles manufactured in Europe or Asia, for example, are loaded into containers or transport vessels for the ocean crossing. From there, they’re transported to the dealership by truck, like the vehicles manufactured in North America. Not only is it possible for these vehicles to be damaged in transit, but accidents can happen when they’re moved around and stored at the dealership.

How to check for damage before buying a new car

First and foremost, always inspect a car for damage before signing the sales contract, says Mike Crossen, a mechanic at Consumer Reports’ Auto Test Center. This way, if you do spot some damage, you can insist that the dealership repair or replace the damaged part, and, if they refuse, you can simply walk away from the sale.

As far as inspecting the car, it can be helpful to approach the task as though you were checking for damage or other problems before buying a used car. This previous Lifehacker article walks through the basic steps.

In addition to those, Crossen has a few more suggestions:

Inspect the car in the daylight—ideally, in full sun—so you’re able to see any blemishes in the paint job, wheels, and/or upholstery.
Inspect the car when it’s dry: If it had just rained, or the car was recently washed or sprayed with water, ask someone from the dealership to dry it off. “A watery sheen can hide imperfections,” he says.
Don’t rush: Take all the time you need to fully inspect the vehicle.

What to do if you find damage on a new car

If you do spot some damage, and the salesperson you’ve been working with doesn’t offer an adequate solution, Crossen recommends escalating it to a manager.

“Instead of, say, repainting a small defect, the dealership may offer a discount off the purchase price or some free service at a future date,” he explains in a Consumer Reports article. “It’s up to the car buyer to decide whether or not the terms are acceptable.”

Finally, when you’re satisfied with what the dealership is offering you, always get it in writing before signing the sales contract. Request what’s called a “we-owe”: A document listing the problems with the new vehicle, and exactly what the dealership is going to do to resolve them. Never accept a verbal promise, or a casually written note on a random scrap of paper that could later be disputed.

When composing a we-owe, be as specific as possible—including even the smallest details—and demand that the dealership do the same, says Crossen. For example: “If there’s a problem with the paint, make sure you specify exactly what and where it is on the car, and that the dealership says exactly what they will do to fix it,” he notes.

from Lifehacker https://ift.tt/il0B3Q5

Here's When You Should (and Shouldn't) Use Silicone Grease for Household Projects

Photo: Tricky_Shark (Shutterstock)

When it comes to common household tasks that require a lubricant, many people reach for products like petroleum jelly (e.g. Vaseline), cooking oil spray, or WD-40. And while they’re often effective—at least temporarily—some projects could benefit from silicone grease. Here’s what to know about the lubricant and when to use it.

What is silicone grease?

Silicone grease is a translucent, viscous lubricant made from a combination of silicone oil and a thickening agent. It stands out for being either waterproof or water resistant, and providing excellent resistance against chemicals and UV radiations.

Additionally, silicone grease can be used in a wide range of temperatures (generally from -76°F to 572°F), Plus, it’s relatively inexpensive addition to your toolbox: A tube costs around $5.

When to use silicone grease

Generally speaking, silicone grease provides excellent lubrication between these materials:

Plastic to plastic
Rubber to rubber
Rubber to plastic
Plastic to metal
Rubber to metal

Here are a few more specific household applications for silicone grease:

Lubricating door hinges, window tracks, drawer slides, and other moving parts
Can be applied to rubber gaskets on kitchen appliances to maintain their flexibility and prevent leaks
To condition a worn-out refrigerator gasket (seal)
Applied to O-rings on a sink faucet
Lubricating and conditioning rubber components in cars and other vehicles
Lubricating screw threads to prevent sticking and corrosion
Lubricating piston seals and plunger shafts of fountain pens

When you shouldn’t use silicone grease

While silicone grease is versatile, it’s not the best choice for metal-on-metal lubrication. Also, because of its resistance to chemicals, silicone grease doesn’t work well on surfaces that are painted or varnished—or will be in the future. Finally, while silicone grease is ideal for lubricating or conditioning rubber, it shouldn’t be used on silicone rubber.

from Lifehacker https://ift.tt/I0k2ciE

Friday, October 27, 2023

These AI-Powered Apps Can Help You Save Money

Photo: Jacob Lund (Shutterstock)

Many finance-related goals can be at least partially automated. While I generally caution against leaning on AI in personal finance, most money-saving apps are essentially like robo-advisors. That is to say, they have their limitations, but they have some major upsides as well. For the most part, these apps are designed to make managing your finances as simple as possible. This means one of their biggest downfalls is that they often offer narrow investment options and generic strategies, without fully taking your personal situation into account. That being said, AI-powered apps can provide ever-evolving recommendations based on your personal finances as well as trends out in the real world. As long as you use these apps with a grain of salt (a grain that only a real human can provide), consider the following tools to make the most of managing your money.

Disclaimer: I don’t regularly rely on any of the apps below. I simply did my research and played around with each one to make sure they were legit.

The best apps to automate your savings, based on your spending

Oportun. Previously called Digit, this app is connected to your bank accounts and uses AI to analyze spending and automatically transfer small amounts to a savings account. Helps you save without thinking about it.
Qapital. Another one of those “set and forget” tools great for passive investors. Uses rules and triggers you set to automate saving and investing. Rounds up transactions or sets aside money based on your goals.
Albert. Provides users with a personalized finance expert who can make recommendations for budgeting, saving, and managing debt based on income and spending patterns.

The best apps to cut back on bills

Trim. Uses AI to analyze your spending and negotiate bills and subscriptions on your behalf to lower costs. Can cancel unwanted subscriptions.
Spruce. Specifically looks for ways you can lower utility, cable/internet, and cell phone bills. Their AI seeks out better plans to optimize spending.
Rocket Money. Great for managing recurring payments. It’s designed to identify expenses you might have otherwise overlooked and comes with autosave features.

The best apps to improve your investing know-how

Cleo. “AI meets money.”An AI chatbot that gives you insights on your finances and helps you track budgets and expenditures. Can find ways to save and give objective money advice.
Magnifi. Positions itself as an “AI investing assistant.” Similar to ChatGPT, it offers conversational guidance to help users research and buy investments, manage and diversify their portfolios and learn about investing. Magnifi costs $13.99 per month or $133.99 annually.

While the AI-powered apps above can give you a financial edge, you should balance their guidance with that of a human professional if you really want to optimize your savings. If you do choose to invest in a financial advisor, be sure to read up on the difference between fee-based and fee-only advisors, as certain financial advisors may not have your best interests at heart. After all, when it comes to finding the right financial planner for you, the last thing you want is to get ripped off.

For more, here are some of the best apps depending on what kind of spender you are, or based on your savings goals.

from Lifehacker https://ift.tt/8i50Lak

The Out-of-Touch Adults’ Guide to Kid Culture: Gen Z Goes to Work, Finds It Time-Consuming

This week, the whole internet is talking about one young woman’s journey into career disillusionment—specifically, her shocking discovery (shared via TikTok) that having a job cuts into your personal time in a major way. Meanwhile, youth in Britain are using the internet to gaslight their American cousins, and famous YouTubers are scaring themselves stupid.

Gen Z’s reaction to working a full-time job sparks online debate

This week, TikTok user @Brielleybell123 posted a simple video that became a flashpoint for the internet to argue about labor within a capitalist structure. In the video, Brielley says she started her first full time job, complete with a two-hour commute, and it’s taking up a ton of her free time. “I don’t have time to do anything,” she says in the video, fighting back tears. “I don’t have time or energy to cook dinner. I don’t have energy to work out, so that’s out the window…the 9-5 schedule is crazy.”

Her video was then embedded in a Twitter post from user Endthemisery1 that reads, “Omg, poor baby has her first job. Like..she has to commute?? Like...she has to cook dinner?? Like...no time or energy to work out?? Like..she’s working in person not remote??? Like...She. Has. To. Work. 9. To. 5 ??? What????”

From there, it spread all over, and divided the online world into two camps: The people who say, “You know what I blame this on the downfall of? Society! Back in my day we worked 28 hours a day and said ‘thank you’ when the boss threw hot embers at us.” The other reaction is more like: “You know, she’s not wrong. And just because you’ve accepted your grim, work-until-you-die fate doesn’t mean you shouldn’t feel compassion for people who are new to the grinding misery of entry-level employment.” (The latter crowd is right, by the way.)

**Study: Kids want less sex in media**

Everyone likes to talk about the relationship between young people and the mass media, but UCLA’s Center for Scholars and Storytellers did the actual research. According the CSC’s survey of 1,500 people between 10 and 24, the youths want to see less sex in media, but more friendship. More than 47% of survey respondents said that sex isn’t needed for the plot of most movies and TV shows, whereas 51.5% of adolescents said they’d like to see more content focused on friendships and platonic relationships. The least popular kind of content is “aspirational”—only 10% of teens call stories about rich and famous people their favorite. Their top choice is content that “mirrors their personal [lives]” Kids want “hopeful, uplifting content with people beating the odds,” over every other kind of story. More than half—56%—of adolescents also say they prefer original content over sequels, franchises and reboots. (Someone tell all of Hollywood.)

So original, realistic, hopeful stories that mirror teen’s real lives, but with friends instead of romance. All of that sounds great, but it reminds me of the scene on The Simpsons when the kid focus group helps create Poochy the Rockin’ Dog. In real life, nine of the 10 highest-grossing movies this year are sequels or based on existing intellectual property (Barbie, Super Mario Bros., Guardians of the Galaxy, etc.), and none of the top 10 movies remotely mirror anyone’s personal life. Maybe Hollywood isn’t creating that kind of content, but on the other hand, maybe Roger Meyers Jr., CEO of Itchy & Scratchy Studios, was right when he said, “You kids don’t know what you want; that’s why you’re still kids, because you’re stupid.”

Barbie, Taylor Swift, Wednesday Addams expected to be most popular costumes

According to Marie Claire, this year’s top choices for Halloween costumes include Barbie, Taylor Swift, and Wednesday Addams, giving young people an archetype and style for any personality and temperament. For Halloween-heads who are too iconoclastic to choose the most recognizable pop culture tropes, Style Caster suggest dressing up as Joan from the “Joan is Awful” episode of Black Mirror. And if you’re a total nerd, try Wanda Maximoff from Wandavision. That said, I get the feeling that younger people are less into Halloween this year than previous years. Maybe the greater number of real-life horrors that surround us have taken some of the shine off of spooky season.

TikTok asks, “Are there really tea time alarms in Great Britain?”

Here’s a funny, blink-and-you’ll-miss-it piece of online culture that’s blowing up this week: British tea time alarms. UK residents are trolling Americans by posting videos claiming that alarms go off all over Britain when it’s time for tea. According to these Anglo-Saxon lads and lassies, the king pushes a red button to set them off, and failure to drink tea at the appointed hour is punishable by arrest. The alarms they say, are such a ubiquitous part of British culture that they’re rarely even mentioned.

The best of these videos do a great job faking the alarm and seem very sincere, but the real point are the response videos and comments from people who don’t know it’s a joke, or who aren’t sure, so they ask their British friends, who are obligated to respond, “of course there are tea time alarms! I thought everyone knew that.” But before you get too down on dumb Americans, remember, people in Great Britain eat baked beans on toast for breakfast, and the whole nation agrees to pretend one family is the best family of all, so they’re capable of anything.

Viral video of the week: “Spending a week at the conjuring house”

YouTube superstars Sam and Colby are celebrating Halloween and hitting 10 million followers this week by spending a full week in the house from The Conjuring—not the location where they shot the movie, but the house where the “actual events” of the The Conjuring happened.

Based on the first two episodes, this series is going to be about 15 hours long, which is a bit much. But still, the boys seem sincere about it all. They seem like they’re really afraid, and watching people be scared of ghosts is entertaining. Not because it’s sadistic, but because we all know ghosts aren’t real, so what we’re seeing is people who are innocent and alive enough to believe in magic.

This kind of video would not work at all if starred anyone over 40, because they’d be thinking “I’m broke, my mortgage payment is past due, and I go in for my second round of chemo this week, so go ahead, ghosts, try to fucking scare me.”

from Lifehacker https://ift.tt/FxSJgh4

Thursday, October 26, 2023

This Refurbished HP Chromebook Is $107 Right Now

If you need a basic, reliable laptop but don’t want to spend a small fortune, this refurbished 2018 HP Chromebook is from model year 2018 and is currently on sale for $106.99, marked down from its usual price of $150. Its grade B rating means it has some cosmetic imperfections, but these don’t impact performance.

A Celeron N3350 processor with 1.1GHz speed, 4GB of RAM, and Chrome OS creates snappy functionality, long-lasting battery life, and a lightweight design. It has 16GB of storage and a 14-inch screen with a 1366 x 768 resolution.

This HP Chromebook is on sale now for $106.99 (reg. $150), though prices can change at any time.

from Lifehacker https://ift.tt/aqLhnGR

What People Are Getting Wrong This Week: Four Halloween Myths (and One Real Danger)

Halloween is our darkest holiday, so it naturally spawns dark misinformation, whether it’s the famous razor-blade-in-the-apple myth, the persistent rumors about black-cat butchery, or the specter of “mischief night” arsonists. At the risk of dampening the mystique of Halloween, here are four things people are getting wrong about Halloween, and one new concern that might actually be true.

Do people put drugs and razors in Halloween candy?

I check my child’s candy for foreign substances every Halloween, even though I know I won’t find any; the idea of him biting into an apple with a hidden razor blade inside is so horrific, it overrides logic. But it’s not actually something worth worrying about. Despite warnings delivered from the federal government and countless anecdotal reports, there has never been a case of a drug dealer putting LSD, fentanyl, or any other illegal drug in children’s Halloween candy. (There was one case that was close: back in 1959, Dr. William Shyne, a Long Island dentist, gave out candy-covered laxatives to kiddies on Halloween, for reasons he never explained.) It’s the same with needles and razor blades. There was one case, in 2000, of a man who hid needles in Halloween candy, but trick or treating has been around for over 100 years, so it’s an extremely isolated occurrence.

Do animal shelters not let people adopt black cats in October?

Many people think animal shelters refuse to allow adoptions of black cats in October. Some attribute the supposed ban to the belief that evil occultists prize black cats for the horrific rituals they perform this time of year. Some say the practice comes from people adopting black cats to serve as spooky decor for the holiday only to abandon them on Nov. 1. But there are no verified accounts of either of these things actually happening. That said, it’s become a self-fulfilling prophecy in some places that actually don’t allow black cat adoptions during October. Other animal shelters encourage the adoption of black cats around Halloween, however—Oct. 27 is National Black Cat Day, after all.

Is Halloween an American holiday?

Halloween predates the United States by hundreds of years. It likely originated with Celtic harvest festivals held around Nov. 1 in Ireland and Scotland. When Catholicism took hold, the pagan holiday was “Cathologic-ized” into “All Saint’s Day,” or “All Hallow’s Day.” The day before became “Hallow’s Eve” and eventually “Halloween.” The holiday wasn’t a widely marked day in the United States until the middle of the 1800s when a large wave of Irish immigrants brought Halloween with them. The first recorded instance of costumed kids going door-to-door to collect candy on Halloween isn’t from America, either. It happened in Canada in 1911. The phrase “trick or treat” comes from Canada, too.

Were “Devil’s Night” fires caused by kids doing mischief?

In some parts of the country, Halloween Eve is still considered “Mischief Night” or “Cabbage Night,” a night for children to play tricks, vandalize, or commit crimes. The unofficial holiday was most popular in mid-1980s in Detroit. They called it “Devil’s Night,” and celebrated by burning down buildings—or so the story goes. The fires were real—in 1984 alone, 810 blazes were reported during the three-days around Halloween in Detroit—but whether they were largely the result of Devil’s Night mischief or insurance fraud is an open question. Arson is a tough crime to solve, especially when only one out of five fires are investigated. Detroit countered the trend of Devil’s Night with a lot of hard work, but arson remains a huge problem in the city.

Should you decorate with fake spider webs?

A newer Halloween warning is illustrated by this headline from House Beautiful: “Here’s Why You Should NEVER Decorate With Fake Cobwebs for Halloween.” The idea is that fake cobwebs strung out over your trees and doorways ensnare local birds, insects and other wildlife. This seems to make a sense, but other than a few scattered reports and an occasional warning from a wildlife center, there’s no widespread evidence of fake webs snaring birds or other animals. More study is needed. Still, fake spider webs are usually made of acrylic, which is definitely flammable, and particularly nasty when it burns, so it’s probably a bad idea to decorate with fake spider webs. If you must, at least be aware of where you’re placing it—don’t set up a net for birdies or place it near a heat source.

from Lifehacker https://ift.tt/7iNH1om

At-Bay Stance MDR improves cyber resilience for SMBs

At-Bay launched At-Bay Stance Managed Detection and Response (At-Bay Stance MDR), a new MDR solution designed to help emerging and mid-sized businesses advance their security defenses and threat preparedness in light of rising cyber crime rates.

By analyzing its claims data from the past two years, At-Bay estimates that more than 50% of its customers’ cyber insurance claims could have been mitigated with an effective MDR solution.

Managed Detection and Response (MDR) solutions have become a must-have for organizations of all sizes; however, getting affordable access to such solutions is difficult for small-to-medium sized businesses.

By providing customers with an enterprise-grade software solution that can monitor their endpoints, which is then managed and monitored by At-Bay’s in-house security experts, the company is helping to address the critical technology, skills, and resource access gap preventing its customers, and most businesses in the US, from becoming more secure.

“We know this new security solution will have a meaningful impact on the businesses in our portfolio,” said Rotem Iram, CEO of At-Bay and security veteran. “Security for small businesses is broken. A critical technology, skills, and resources gap exists that many companies can’t overcome. Our new MDR solution was built to change that. At-Bay Stance MDR will help to improve the cyber resilience and readiness of any business who uses it.”

Key highlights of At-Bay’s MDR offering

At-Bay’s MDR offering combines technology with human analysis to detect and respond to cyber threats before they escalate. Alongside the rest of At-Bay’s Stance portfolio, At-Bay’s newest security solution extends its capabilities to include managed endpoint protection. Key highlights include:

Proactive threat detection: Combines advanced endpoint detection and response (EDR) technology with expert human analysis to proactively detect and respond to cyber threats before they escalate, all managed by At-Bay in-house. This proactive approach significantly reduces the risk of data breaches, financial losses, and reputational damage.
Tailored solution: Every organization is unique and At-Bay understands that. At-Bay’s MDR services are fully customizable to meet the specific needs and risk profiles of their clients. Whether you’re a growing business or a large enterprise, they have a solution for you.
Cost effective: Customers that subscribe to top performing MDR services like the one offered by At-Bay, could be eligible for a premium credit on cyber insurance premiums due to their enhanced security. This means that investing in cybersecurity is not only a smart choice but also a cost-effective one.

“We are uniquely positioned to understand and address the biggest security gaps within the small-to-mid market business community,” said Thomas Dekens, Chief Business Officer and GM of At-Bay Security. “As a provider of both insurance and cybersecurity products, we have unprecedented insight into where security technologies and controls are excelling, and failing, and we are incentivized to help businesses fix these gaps quickly. That’s why we are launching an MDR solution today.”

At-Bay Stance Managed Detection and Response (MDR) will be available as an optional service starting in January 2024 from At-Bay’s security affiliate

from Help Net Security https://ift.tt/nmvrDcA

Cado Security launches Cloud Incident Readiness Dashboard for proactive response

Cado Security has unveiled Cado’s Incident Readiness Dashboard. This new dashboard provides the ability to proactively run readiness checks, see readiness trends over time, and identify issues that could prevent the organization from rapidly responding to active threats.

“The reality of today’s digital landscape is that an incident is not a question of ‘if’ but ‘when’, so ensuring you are prepared to investigate and respond to cloud threats is vital to managing risk,” said James Campbell, CEO of Cado Security.

“With the rapid migration to the cloud, organizations often have little to no visibility into these new environments. As attackers increasingly target cloud-based systems, security teams need to know with confidence that they’ll be able to quickly investigate detected incidents. With Cado’s Incident Readiness Dashboard, we are providing organizations with a powerful tool that not only identifies gaps that could hinder rapid investigation and response, but also offers actionable insights for immediate improvement,” Campbell continued.

The ever-increasing global incident reporting mandates are also putting increased pressure on organizations to ensure they are prepared to determine the scope of an active incident in a timely manner. Some examples include the SEC’s fast-approaching “Final Rule” on incident response and breach disclosures, the European Union’s GDPR’s 72-hour reporting requirement for data breaches, and the upcoming NIS 2 Directive for critical infrastructure organizations coming into effect in 2024.

Cado’s new readiness features allow customers to understand how prepared they are to perform incident response actions in the cloud. The Cado platform will now deliver an Incident Readiness Dashboard that delivers a readiness score based on several factors, including whether the organization is able to acquire critical forensic evidence across its cloud environment. The dashboard will enable organizations to continuously improve their ability to investigate and respond to cloud threats and optimize their cloud incident response program.

The Cado Platform enables security teams to:

Automate the entire end-to-end incident response process – from collecting, preserving and analyzing forensic evidence, to containing the threat and limiting its impact.
Prepare for an incident by setting up accesses, testing data acquisition, implementing automation rules, and integrating with third-party systems including incident management platforms such as XDR, SOAR, CNAPP, and SIEM.
Test for incident preparedness in order to continuously understand risk posture, know where gaps exist, and where to invest in reducing exposure.

from Help Net Security https://ift.tt/QxiqmJb

Wednesday, October 25, 2023

Bitdefender Offensive Services incorporates penetration testing and red team simulated attacks

Bitdefender announced Bitdefender Offensive Services, a new offering designed to proactively assess, identify, and remediate security gaps in an organization’s environment (on premises, cloud, hybrid) through penetration testing and red team simulated attacks.

In an independent global survey of 400 IT and cybersecurity professionals, 52% of businesses surveyed suffered a data leak or breach in the last 12 months. When asked about the security threats that pose the greatest concern, respondents indicated they are most concerned about software vulnerabilities and/or zero-days threats (53%).

These findings correlate with Bitdefender Labs’ research that shows a marked increase of cybercriminals exploiting known software vulnerabilities using proof of concept (PoC) attacks.

Bitdefender Offensive Services bolster the company’s managed detection and response (MDR) portfolio and provide organizations with a proactive means to fortify environments, reduce risk, and meet regulatory/compliance mandates such as SOC 2, HIPAA, GLBA, FISMA, PCI-DSS, NIS2 and ISO 27001 as the threat landscape evolves.

The services are led by its elite team of cybersecurity analysts, researchers, threat hunters, and CREST-accredited ethical hackers enhanced by the Bitdefender Global Protective Network, an extensive network of hundreds of millions of sensors continuously collecting threat data worldwide.

Additionally, Bitdefender’s new services support organizations adopting Continuous Threat Exposure Management (CTEM), a cybersecurity process that employs controlled attack simulations for identifying and mitigating threats to networks, systems, and supply chain environments. This allows stress testing security posture and identifying vulnerabilities before they are exploited by real attackers.

About Bitdefender Offensive Services

Bitdefender penetration testing service – is tailored for each organization based on multiple factors including industry type, operational infrastructure, software adoption, and perceived risk. The ethical hacking team performs a vulnerability assessment to identify security weaknesses of systems covering networks, applications, mobile devices and more.

Weaknesses found are used to conduct authorized simulated cyberattacks, testing the organization’s cybersecurity defenses and controls such as user authorization, authentication, and integrity against industry standards. An in-depth report is delivered to help remediate security gaps, educate on potential consequences had the attack been real, and strengthen overall security posture.

Bitdefender red teaming service – is a human-led, intelligence-driven exercise that simulates real-world threat actors including advanced persistent threats (ATPs) to demonstrate how attackers would attempt to compromise critical functions and underlying systems of an organization. In contrast to penetration testing, red teaming is objective-based, open-scoped, and executed covertly during a longer window of time to assess an organization’s total cybersecurity ecosystem covering people, processes and technologies.

The attacks are guided by the Techniques, Tactics and Procedures (TTPs) of the MITRE ATT&CK Framework to mimic adversarial behaviors using specific attack methods including social engineering, customized tools and malware, post-breach lateral movement and more. The Bitdefender red team improves an organization’s ability to detect and respond to attacks and be more cyber resilient should an incident occur.

According to the Gartner Top Trends in Cybersecurity 2023 report, “By 2026, organizations prioritizing their cybersecurity investments via a continuous threat exposure management (CTEM) program will suffer two-thirds fewer breaches.”

“As malware, vulnerability exploits, phishing and other attacks continue to escalate and evolve, organizations that take proactive measures to cybersecurity and its continuous improvement will be vastly more secure,” said Andrei Florescu, deputy GM and SVP of products, Bitdefender Business Solutions Group.

“With the addition of Bitdefender Offensive Services to our world-class MDR offering, businesses have a straightforward approach for improving security posture and having critical elements of their security operations spearheaded by a highly talented team of practitioners,” added Florescu.

from Help Net Security https://ift.tt/rC18iUI

Why You Should Turn Websites Into Apps on Your Mac

Now that so much of our work happens on websites, it’s hard to find native apps designed for Macs. If you spend a lot of time on an obscure website, or a custom-made work portal, you might want to create a dedicated app for it—something that works as well as (or better) than Safari, shows you notifications, and has a dedicated place on the Dock. It doesn’t take any know-how, either.

Apple added a new feature to Safari in macOS Sonoma that lets you convert any website into a Dock app. And a focused approach like this might be good for your productivity. The website’s icon (or favicon) will appear as an app, and when launched, the site will run as an app. You won’t see any Safari toolbar, start page, or any other browser features, so it’s a much more focused experience. You won’t get pulled in by the allure of the greater web. You can’t lose hours on Facebook if there’s no Facebook tab that can be opened.

Web apps also offer a privacy incentive: Because these apps are separate from Safari, they don’t have browsing history, cookies, or website data. It’s similar to using a different Safari profile for specific browsing, as none of that browsing will show up in the personal profile. And, because macOS treats it like an app, you can even choose to have it open when you boot up your Mac.

How to turn any website into a Mac app

First, open the website in Safari. Click the Share icon from the top toolbar and choose the Add to Dock option. A popup window will show the name, URL, and the logo of the website, all pre-filled by Safari. You are free to change the title, exact URL, or the icon here, if you’d like. Then, click Add to Dock and you’re done.

You’ll find the new app in the Dock, and when you launch, it will work just like it did in Safari, with the same log-in, as well. By default, the app won’t show the navigation bar, but you can enable this by clicking the app name from the menu bar and selecting Settings > Show Navigation Controls. Here, you can also disable the color matching title bar if you’d like.

In my testing, I’ve found that the strengths and weaknesses of the Safari browser translate to the apps as well. Google’s apps like Google Drive, Google Keep, and Workspace websites are iffy in Safari, and that’s the case here, too. To improve their performance, you’ll have to look into Chromium-based tools like Coherence X4, or third-party apps like Unite and Flotato. While you’ll get better performance there, the downside is that they’re all paid apps, costing up to $30, and not nearly as seamless as simply adding a website to the Dock using Safari.

from Lifehacker https://ift.tt/pik94dI

You Can Avoid the Apple TV+ Price Hike (for Now)

Bad news: Apple’s raising subscription prices. Apple Arcade is jumping from $4.99 to $6.99, News+ from $9.99 to $12.99, and Apple TV+ from $6.99 to $9.99. (Remember when the latter was $4.99?)

Perhaps you’re preparing your wallet for these increases. Or, if you’re sick of price hikes, you might just cancel your sub altogether. Before you do either, know there is a way to lock in your subscription at the old rate for a month, or, in Apple TV+’s case, a year. But you’ll need to act fast.

If you haven’t subscribed to these Apple services in the past, you may be stuck with the price increase. Lucky for you, you can take advantage of any free trials still offered. But for anyone who has an active or expired Apple service subscription, you can bypass the price hike right now in your subscription settings.

Here’s how it works: Open Settings, tap your name at the top, then choose Subscriptions. Here, you’ll see all active and inactive subscriptions attached to your Apple ID. In my case, I have expired subscriptions for Apple News+ and and Apple TV+. If I tap either, I have the option to renew at the old rate, not the new one.

But it’s better news for Apple TV+. While Apple News+ only offers a monthly subscription, Apple TV+ comes in either monthly or yearly subs. If you tap Apple TV+, then choose See All Plans, you can choose from either the old $6.99 monthly rate, or the $69.00 per year option.

Apple hasn’t said what its new yearly option is going to be with the price hike, if any, so subscribing to this new plan is the only way to lock in the old price against changes for the next year. If $9.99 per month is the only option going forward, you’ll save $30 for a year of Apple TV+.

If you only want to commit to the month, you can still save a little money before the new prices kick in for you, too.

from Lifehacker https://ift.tt/OW6Mzbj

Tuesday, October 24, 2023

Ivanti’s new capabilities simplify vulnerability prioritization and remediation

Ivanti released new capabilities for the Ivanti Neurons platform to improve the digital employee experience, offer scalability to customers and enhance vulnerability prioritization and remediation.

With this release, Ivanti continues to deliver on its mission to empower IT and Security teams with a 360-degree view of their entire IT estate – providing visibility, actionable insights and security.

“We are dedicated to building technologies that enable a seamless, secure workplace for employees,” said Dr. Srinivas Mukkamala, CPO, Ivanti. “By continuously extending capabilities for the Ivanti Neurons platform, we help ensure that customers have the best solutions to manage, secure and service all their devices and networks to empower their people. With the speed at which threats are targeting the workplace, organizations need to have the right solutions to discover and remediate security threats before threat actors have a chance to exploit them.”

The new capabilities for the Ivanti Neurons platform include the following:

Integrated vulnerability prioritization and remediation

Ivanti Neurons for RBVM and Ivanti Neurons for Patch Management have been integrated to automate the handoff of CVEs from security teams to IT ops. With this end-to-end vulnerability prioritization and patching experience, customers can now remediate vulnerabilities more quickly and easily to better protect against cyber threats.
This integration is enabled by a CVE to Patch Group API which effectively allows Ivanti Neurons for Patch Management to integrate with any product that can transmit a list of CVEs via the API.
In addition, Ivanti Neurons for Patch Management now supports agent-based macOS device patching — no enrollment to a mobile device management (MDM) product is needed.

New secure Unified Endpoint Management (UEM) solution packages

Depending on endpoint management needs and maturity, organizations can choose from three Secure UEM solution packages: Secure UEM Professional, Secure UEM Professional Plus and Secure UEM Premium.
Organizations can determine which package includes the capabilities that best suit their needs while gaining the ability to scale as they grow. This helps ensure that no matter the location, endpoints are discoverable, manageable, secured, and healed.

“Security technical professionals are being overrun by ordinary cybercrime, hacktivist attacks, and advanced, targeted attacks from sophisticated adversaries,” said Eric Grenier, Director Analyst at Gartner. “To defend against these attacks, organizations need to choose solutions that include the right mix of techniques and supported OSs and devices — a mix that balances prevention with visibility, monitoring, detection and incident response support.

New enterprise service management solution packages

Based on business needs and scalability, Ivanti is offering four enterprise service management solution packages: ITSM Professional, ITSM Enterprise, ITSM Premium, and ITSM Enterprise Premium.
By choosing one of these service management solution packages, organizations are enabled to reduce costs, optimize service performance, and create a secure, agile environment that is ready for the future.

New actionable insights

New onboarding and dashboard experience in Ivanti Neurons provides a clear view of devices, users and organizational Digital Experience Scores (DEX score) KPIs. Optimize IT efficiency and employee productivity by quickly viewing and drilling into device, people and enterprise-wide organization DEX scores to better understand issues and make informed decisions on how to best remediate.

from Help Net Security https://ift.tt/gsalJFp

There Are Four Ways to Turn Off Your iPhone

iPhones are, by design, pretty easy to set up and use. But while it’s almost second-nature to turn on your new iPhone, it’s not clear how to shut it off. You press and hold the power button, expecting some kind of shut down option, but it just triggers Siri. As it happens, there are a few different ways to turn off or restart your iPhone, and some don’t even require the use of hardware buttons.

How to turn off your iPhone using hardware buttons

Every iPhone since the X uses this shutdown and restart process. To turn off your iPhone, you need to press and hold a combination of the Side button and one of the volume buttons (it doesn’t matter whether it’s the volume up or volume down button).

Keep these buttons pressed until you see the shutdown screen. Then, let go, and slide your finger across the Slide to Power Off slider. In a couple of seconds, your iPhone turn off.

If you’re using an iPhone with a Home button, like the iPhone 8 or the iPhone SE, all you need to do is to press and hold the Side button to bring up the shutdown menu.

How to turn off an unresponsive iPhone

If your iPhone is frozen, you might not be able to trigger the shutdown screen. Luckily, there is a way to force any iPhone to turn off and restart, instantly disabling all running apps and processes.

To do this, press and release the volume up button, then press and release the volume down button, and press and hold the Side button until you see the Apple logo on the screen. (This method solves a lot of general iPhone issues.)

How to turn off your iPhone using Settings

There’s also a way to turn off your iPhone from the Settings app, in case the physical buttons on your iPhone aren’t working. Go to Settings > General > Shut Down to turn off your iPhone.

How to turn off your iPhone using Siri

If you’re using iOS 15 or higher, you can ask Siri (using the Side button, or the voice command) to “shut down my iPhone” or “turn off my iPhone.” Siri will ask you for confirmation. You can respond with a “Yes” or you can press the Power Off button in the Siri interface to quickly turn off your iPhone.

This is one of the commands Apple baked into the iPhone, so it doesn’t require an internet connection. It’ll work even if you’re in Airplane mode, or when you don’t have a reliable internet connection.

from Lifehacker https://ift.tt/xOMvwAH