
Human head washes up on Florida beach

A human head has been found washed up on a beach in Florida, according to police.





Train companies to face review over how they prosecute rail fare evasion

Train companies are set to face a review over how they prosecute and enforce rail fare evasion after reports of disproportionate action taken against passengers.





Church of England 'not a safe institution' and others may need to resign, bishop says

The Church of England's deputy lead bishop for safeguarding has said it is "not a safe institution" in some ways - and that others may need to step down following the Archbishop of Canterbury's resignation.





Mystery of US warship's final resting place solved... by accident

An American warship that was sunk by Japanese dive bombers during the Second World War has finally been found, more than 80 years later.





Sara Sharif's father tells court he beat her and 'takes full responsibility' for her death

Sara Sharif's murder-accused father has told jurors he "takes full responsibility" for the death of his daughter.





Picnic cottage enjoyed by Queen Victoria restored to former glory

A picnic cottage enjoyed by Queen Victoria during her visits to Balmoral has been restored to its former glory by the National Trust for Scotland.





Actor Timothy West - who held roles in major soaps and was husband of Prunella Scales - has died

Actor Timothy West has died peacefully in his sleep aged 90, "with his friends and family at the end".





Israeli construction along buffer zone with Syria violates ceasefire, UN says

New trenches and berms are being constructed along the frontier in the occupied Golan Heights.





French headteacher describes spiral of events that led to teacher's beheading

Audrey F tells a court how a 13-year-old student's lie to her parents led to Samuel Paty's murder.





Huw Edwards to keep BAFTA awards - but rules set to change

BAFTA will not revoke individual awards won by disgraced news presenter Huw Edwards, Sky News understands.





Several injured after crash involving bus carrying school children

Several people have been injured after a bus carrying school children collided with a lorry in Leicestershire.





OSNews fundraising goal reached in less than a week

It’s been less than a week, and late Friday night we reached the fundraiser goal of €2500 (it sat at 102% when I closed it) on Ko-Fi! I’m incredibly grateful for each and every donation, big or small, and every new Patreon that joined our ranks. It’s incredible how many of you are willing to support OSNews to keep it going, and it means the absolute world to me. Hopefully we’ll eventually reach a point where monthly Patreon income is high enough so we can turn off ads for everyone, and be fully free from any outside dependencies. Of course, it’s not just those that choose to support us financially – every reader matters, and I’m very thankful for each and every one of you, donor/Patreon or not. The weekend’s almost over, so back to regular posting business tomorrow. I wish y’all an awesome Sunday evening.





From Proxmox to FreeBSD: story of a migration

It’s the start of the work week, so for the IT administrators among us, I have another great article by friend of the website, Stefano Marinelli. This article covers migrating a Proxmox-based setup to FreeBSD with bhyve. The load is not particularly high, and the machines have good performance. Suddenly, however, I received a notification: one of the NVMe drives died abruptly, and the server rebooted. ZFS did its job, and everything remained sufficiently secure, but since it’s a leased server and already several years old, I spoke with the client and proposed getting more recent hardware and redoing the setup based on a FreeBSD host. ↫ Stefano Marinelli If you’re interested in moving one of your own setups, or one of your clients’ setups, from Linux to FreeBSD, this is a great place to start and get some ideas, tips, and tricks. Like I said, it’s Monday, and you need to get to work.





Moving a game project from C to the Odin language

Some months ago, I got really fed up with C. Like, I don’t hate C. Hating programming languages is silly. But it was way too much effort to do simple things like lists/hashmaps and other simple data structures and such. I decided to try this language called Odin, which is one of these “Better C” languages. And I ended up liking it so much that I moved my game Artificial Rage from C to Odin. Since Odin has support for Raylib too (like everything really), it was very easy to move things around. Here’s how it all went.. Well, what I remember the very least. ↫ Akseli Lahtinen You programmers might’ve thought you escaped the wrath of Monday on OSNews, but after putting the IT administrators to work in my previous post, it’s now time for you to get to work. If you have a C codebase and want to move it to something else, in this case Odin, Lahtinen’s article will send you on your way. As someone who barely knows how to write HTML, it’s difficult for me to say anything meaningful about the technical details, but I feel like there’s a lot of useful, first-hand info here.





iPod fans evade Apple’s DRM to preserve 54 lost clickwheel-era games

Old-school Apple fans probably remember a time, just before the iPhone became a massive gaming platform in its own right, when Apple released a wide range of games designed for late-model clickwheel iPods. While those clickwheel-controlled titles didn’t exactly set the gaming world on fire, they represent an important historical stepping stone in Apple’s long journey through the game industry. Today, though, these clickwheel iPod games are on the verge of becoming lost media—impossible to buy or redownload from iTunes and protected on existing devices by incredibly strong Apple DRM. Now, the classic iPod community is engaged in a quest to preserve these games in a way that will let enthusiasts enjoy these titles on real hardware for years to come. ↫ Kyle Orland at Ars Technica A nice effort, of course, and I’m glad someone is putting time and energy into preserving these games and making them accessible to a wider audience. As is usual with Apple, these small games were heavily encumbered with DRM, being locked to both the original iTunes account that bought them, but also to the specific hardware identifier of the iPod they were initially synchronised to using iTunes. A clever way around this DRM exists, and it involves collectors and enthusiasts reauthorising their iTunes accounts to the same iTunes installation, and thus adding their respective iPod games to that single iTunes installation. Any other iPods can then be synced to that master account. The iPod Clickwheel Games Preservation Project takes this approach to the next level, by setting up a Windows virtual machine with iTunes installed in it, which can then be shared freely around the web for people to add the games to their collection. This is a rather remarkably clever method of ensuring these games remain accessible, but obviously does require knowledge of setting up Qemu and USB passthrough.
I personally never owned an iPod – I was a MiniDisc fanatic until my Android phone took over the role of music player – so I also had no clue these games even existed. I assume most of them weren’t exactly great to control with the limited input method of the iPod, but that doesn’t mean there won’t be huge numbers of people who have fond memories of playing these games when they were younger – and thus, they are worth preserving. We can only hope that one day, someone will create a virtual machine that can run the actual iPod operating system, called Pixo OS.





QNX becomes free for non-commercial use, releases Raspberry Pi 4 image

A long, long time ago, back when running BeOS as my main operating system had finally become impossible, I had a short stint running QNX as my one and only operating system. In 2004, before I joined OSNews and became its managing editor, I also wrote and published an article about QNX on OSNews, which is cringe-inducing to read over two decades later (although I was only 20 when I wrote that – I should be kind to my young self). Sadly, the included screenshots have not survived the several transitions OSNews has gone through since 2004. Anyway, back in those days, it was entirely possible to use QNX as a general purpose desktop operating system, mostly because of two things. First, the incredible Photon MicroGUI, an excellent and unique graphical environment that was a joy to use, and two, because of a small but dedicated community of enthusiasts, some of them QNX employees, who ported a ton of open source applications, from basic open source tools to behemoths like Thunderbird, the Mozilla Suite, and Firefox, to QNX. It even came with an easy-to-use package manager and associated GUI to install all of these applications without much hassle. Using QNX like this was a joy. It really felt like a tightly controlled, carefully crafted user experience, despite desktop use being so low on the priority list for the company that it might as well have not been on there at all. Not long after, I think a few of the people inside QNX involved with the QNX desktop community left the company, and the entire thing just fizzled out afterwards when the company was acquired by Harman Kardon. Not long after, it became clear the company lost all interest, a feeling only solidified once Blackberry acquired the company. Somewhere in between the company released some of its code under some not-quite-open-source license, accompanied by a rather lacklustre push to get the community interested again. This, too, fizzled out.
Well, it seems the company is trying to reverse course, and has started courting the enthusiast community once again. This time, it’s called QNX Everywhere, and it involves making QNX available for non-commercial use for anyone who wants it. No, it’s not open source, and yes, it requires some hoops to jump through still, but it’s better than nothing. In addition, QNX also put a bunch of open source demos, applications, frameworks, and libraries on GitLab. One of the most welcome new efforts is a bootable QNX image for the Raspberry Pi 4 (and only the 4, sadly, which I don’t own). It comes with a basic set of demo applications you can run from the command line, including a graphical web browser, but sadly, it does not seem to come with Photon microGUI or any modern equivalent. I’m guessing Photon hasn’t seen a ton of work since its golden days two decades ago, which might explain why it’s not here. There’s also a list of current open source ports, which includes chunks of toolkits like GTK and Qt, and a whole bunch of other stuff. Honestly, as cool as this is, it seems it’s mostly aimed at embedded developers instead of weird people who want to use QNX as a general purpose operating system, which makes total sense from QNX’ perspective. I hope Photon microGUI will make a return at some point, and it would be awesome – but I expect unlikely – if QNX could be released as open source, so that it would be more likely a community of enthusiasts could spring up around it. For now, without much for a non-developer like me to do with it, it’s not making me run out to buy a Raspberry Pi 4 just yet.





Microsoft improves its Prism x86-on-ARM emulator

The current version of Windows on ARM contains Prism, Microsoft’s emulator that allows x86-64 code to run on ARM processors. While it was already relatively decent on the recent Snapdragon X platform, it could still be very hit-or-miss with what applications it would run, and especially games seemed to be problematic. As such, Microsoft has pushed out a major update to Prism that adds support for a whole bunch of extensions to the x86 architecture. This new support in Prism is already in limited use today in the retail version of Windows 11, version 24H2, where it enables the ability to run Adobe Premiere Pro 25 on Arm. Starting with Build 27744, the support is being opened to any x64 application under emulation. You may find some games or creative apps that were blocked due to CPU requirements before will be able to run using Prism on this build of Windows. At a technical level, the virtual CPU used by x64 emulated applications through Prism will now have support for additional extensions to the x86 instruction set architecture. These extensions include AVX and AVX2, as well as BMI, FMA, F16C, and others, that are not required to run Windows but have become sufficiently commonplace that some apps expect them to be present. You can see some of the new features in the output of a tool like Coreinfo64.exe. ↫ Amanda Langowski and Brandon LeBlanc on the Windows Blog Hopefully this makes running existing x86 applications that don’t yet have an ARM version a more reliable affair for Windows on ARM users.





Fedora KDE approved to become of equal status to Fedora GNOME

Earlier this year, a proposal was made to replace the primary edition of Fedora from the GNOME variant to the KDE variant. This proposal, while serious, was mostly intended to stir up discussion about the position of the Fedora KDE spin within the larger Fedora community, and it seems this has had its intended effect. A different, but related proposal, to make Fedora KDE equal in status to the Fedora GNOME variant, has been accepted. The original proposal read: After a few months of being live, the proposal has now been unanimously accepted, which means that starting with Fedora 42, the GNOME and KDE versions will have equal status, and thus will receive equal marketing and positioning on the website. Considering how many people really enjoy Fedora KDE, this is a great outcome, and probably the fairest way to handle the situation for a distribution as popular as Fedora. I use Fedora KDE on all my machines, so for me, this is great news.





Mozilla Foundation lays off 30% of its employees, ends advocacy for open web, privacy, and more

More bad news from Mozilla. The Mozilla Foundation, the nonprofit arm of the Firefox browser maker Mozilla, has laid off 30% of its employees as the organization says it faces a “relentless onslaught of change.” Announcing the layoffs in an email to all employees on October 30, the Mozilla Foundation’s executive director Nabiha Syed confirmed that two of the foundation’s major divisions — advocacy and global programs — are “no longer a part of our structure.” ↫ Zack Whittaker at TechCrunch This means Mozilla will no longer be advocating for an open web, privacy, and related ideals, which fits right in with the organisation’s steady decline into an ad-driven effort that also happens to be making a web browser used by, I’m sorry to say, effectively nobody. I just don’t know how many more signs people need to see before realising that the future of Firefox is very much at stake, and that we’re probably only a few years away from losing the only non-big tech browser out there. This should be a much bigger concern than it seems to be to especially the Linux and BSD world, who rely heavily on Firefox, without a valid alternative to shift to once the browser’s no longer compatible with the various open source requirements enforced by Linux distributions and the BSDs. What this could also signal is that the sword of Damocles dangling above Mozilla’s head is about to come down, and that the people involved know more than we do. Google is effectively bankrolling Mozilla – for about 80% of its revenue – but that deal has come under increasing scrutiny from regulators, and Google itself, too, must be wondering why they’re wasting money supporting a browser nobody’s using. We’re very close to a web ruled by Google and Apple. If that prospect doesn’t utterly terrify you, I honestly wonder what you’re doing here, reading this.





Valve ends Steam’s support for Windows 7 and 8

Steam has finally stopped working on several older Windows operating systems, following a warning from Valve that it planned to drop support earlier this year. With little fanfare, Windows 7 and Windows 8 gaming on Steam is no longer possible following the most recent Steam client update on November 5. ↫ Ben Stockton at PCGamesN It’s honestly wild that Valve supported Windows 7 and 8 for this long for Steam in the first place. They’ve been out of support for a long time, and at this point in time, less than 0.3% of Steam users were using Windows 7 or 8. Investing any resources in continuing to support them would be financially irresponsible, while also aiding a tiny bit in allowing people to use such unsupported, insecure systems to this day. I’m sure at least one of you is still rocking Windows 7 or 8 as your daily driver operating system, so I’m sorry if you don’t want to hear this, but it’s really, really time to move on. Buying a Windows 10 or 11 license on eBay or whatever costs a few euros at most – if you’re not eligible for one of the free upgrade programs Microsoft ran – and especially Windows 10 should run just fine on pretty much anything Windows 7 or 8 runs on. Do note that with Windows 10, though, you’ll be back in the same boat next year.




Fake SMS campaigns spreading the Flubot malware

Using infected phones, criminals send SMS messages claiming that action is required, together with a link to a malicious site. If the user agrees to download and install the application, then once it obtains the necessary permissions it takes control of the device and steals data from the phone.




Fake investments

Advertisements describe investment platforms through which one can supposedly invest in cryptocurrencies or company shares. After the required contact details are provided, a representative of the company offering these fake investments phones the interested person and persuades them to invest by making a bank transfer.




Fake Facebook login panels

Criminals use several methods to spread the scam and to encourage the potential victim to hand over confidential data related to Facebook. These accounts are also used to extort money from people in the friends circle of the hijacked account.




Critical vulnerability in Fortinet FortiOS SSL-VPN (CVE-2022-42475)

Fortinet has published information about the critical vulnerability CVE-2022-42475, which allows unauthenticated remote code execution in the SSL-VPN module (sslvpnd) of FortiOS. The vulnerability was actively exploited in attacks even before its existence was disclosed.




Personalised attacks on victims of data leaks

Criminals increasingly personalise their campaigns, tailoring them to potential victims. In this way they want to cause greater alarm, but also to make the attack more realistic. They achieve this by, among other things, addressing the recipient directly by first name.




Phishing campaign using the image of the Ministry of Finance

The CERT Polska team has observed a new variant of a scam in which criminals use the image of the Ministry of Finance. The aim of this scam is to get the potential victim to share their online banking credentials.




Infostealer malware infections

Criminals try to infect the victim's computer by every possible means. A very common attack vector is mass-sent emails containing malicious attachments that the victim is meant to open and run.




Phishing campaign using the image of the Netflix service

We warn of a phishing campaign targeting Netflix customers. The criminals' aim is to obtain account access credentials and confidential payment card information.




Actively exploited critical vulnerability in Microsoft Outlook (CVE-2023-23397)

Microsoft has published information about the critical vulnerability CVE-2023-23397 in the Outlook application on Windows. It can lead to remote takeover of a domain password without user interaction. The vulnerability has been actively used in attacks by one of the Russian APT groups since April 2022, including in Poland. We recommend taking immediate action in all organisations whose users access mail through the Microsoft Outlook client.




Spear phishing attacks on employees of Polish companies and public institutions

Spear phishing is a social-engineering scam that uses the pressure of authority and time to induce the target to take an action that is against their interest. The fact that the information needed to carry out the attack is usually publicly available or easy to obtain makes this scam popular among cybercriminals.




Warning List of dangerous websites – draft of a new version of the specification

Our Warning List celebrated its third birthday this year. During that time we have managed to limit the impact of many different phishing campaigns targeting Polish Internet users. In response to the changing threat landscape, we have decided to make a few changes to how our list works, which will allow us to protect users better. We invite you to read the proposed changes and share your opinion.




Vulnerability in the WebInterface module of Telwin SCADA software

CERT Polska discovered a Path Traversal vulnerability (CVE-2023-0956) in the WebInterface module of the Telwin SCADA software.




Artemis has been running for a year - see the results

2023 brought further CERT Polska activities improving the security of the Polish internet. One of the projects launched during this time was Artemis. Twelve months of operation produced impressive results - we scanned more than 50,000 domains and IP addresses, discovering nearly 180,000 vulnerabilities or misconfigurations.




Vulnerability in the eWeLink application by CoolKit Technology (Android & iOS)

A vulnerability allowing the lock screen to be bypassed (CVE-2023-6998) was found in the eWeLink application by CoolKit Technology.




Vulnerability in Kofax Capture software

A Stored XSS vulnerability (CVE-2023-5118) was found in the Kofax Capture software.




Vulnerabilities in PAX payment terminals

A total of 5 vulnerabilities (CVE-2023-4818, CVE-2023-42134, CVE-2023-42135, CVE-2023-42136, CVE-2023-42137) were found in the software of various models of PAX payment terminals.




Cybersecurity across borders: the FETTA project, or deepening cooperation on cyberspace threat intelligence in the EU

One of the key challenges in European cybersecurity is dependence on data originating from countries outside the EU. The FETTA project (Federated European Team for Threat Analysis) aims to solve this problem by creating an international team that develops Cyber Threat Intelligence (CTI) products and tools.




Balada Injector campaign infects WordPress sites by exploiting popular plugins

In recent weeks the CERT Polska team has been observing an intensified campaign of attacks using the Balada Injector malware, which infects WordPress-based sites by exploiting vulnerabilities in some popular plugins.




Vulnerability in the Apaczka plugin for the PrestaShop platform

A vulnerability of the type Files or Directories Accessible to External Parties (CVE-2024-2759) was found in the Apaczka plugin for the PrestaShop platform.




Introduction to deepfakes

Will artificial intelligence take over the world? Can AI deceive our perception? Is it easy to tell reality from manipulation? What is a deepfake, and does it always mean something bad? And can a human fall in love with a machine?




27th edition of the Secure conference

The 27th edition of the Secure conference is behind us. These were two days filled with knowledge and important discussions, but also an excellent opportunity to make contacts with other cybersecurity specialists. Our conference is a space where different views, approaches and aspects of (cyber)security can meet.




Vulnerability in CraftBeerPi 4 software

An Improper Input Validation vulnerability (CVE-2024-3955) was found in the CraftBeerPi 4 software.




Vulnerabilities in Kioware for Windows software

3 vulnerabilities of different types (CVE-2024-3459, CVE-2024-3460 and CVE-2024-3461) were found in the Kioware for Windows software.




Deepfakes and elections

The European Parliament elections are this weekend, but that does not mean this text will stop being relevant on 10 June. And not even because presidential elections await us in 2025.




Vulnerabilities in the AdmirorFrames plugin for the Joomla! platform

3 vulnerabilities of different types were found in the AdmirorFrames plugin for the Joomla! platform and were assigned the identifiers CVE-2024-5735, CVE-2024-5736 and CVE-2024-5737.




15:30: Air pressure: 1029.3hPa

On 13.11.2024 at 15:30 the air pressure was 1029.3hPa. A change of -0.8hPa/3h.





Lessons from a Barracuda

(EMAILWIRE.COM, October 22, 2024 ) Denver, CO and Boulder, CO – Outskirts Press—the fastest-growing, full-service self-publishing and book marketing company—is pleased to announce the release of Lessons from a Barracuda by Beth McKnight. The novel takes a bite out of abuse in the home and workplace...





Membership Management Software Market is expected to grow US$ 8.64 Bn by 2030

(EMAILWIRE.COM, October 23, 2024 ) Membership Management Software Market is expected to reach USD 8.64 billion by 2030, with a CAGR of 4.7% between 2024 and 2030. The membership management software is used to help organizations with work. Most of the administrative duties are expected to be automatized....





SASE Market worth $5.9 billion by 2028 growing at a CAGR of 25.0%

(EMAILWIRE.COM, October 23, 2024 ) The global SASE Market growth is projected to grow from USD 1.9 billion in 2023 to USD 5.9 billion by 2028, at a Compound Annual Growth Rate (CAGR) of 25.0% during the forecast period. The growing preference for remote working practices, the increase in traffic...





Metal Organic Frameworks Market worth $1.70 billion by 2030

(EMAILWIRE.COM, October 23, 2024 ) The report "Metal Organic Frameworks Market by Type (Zinc-based, Copper-based, Iron-based, Aluminium-based, Chromium-based), Synthesis Method (Solvothermal/Hydrothermal, Microwave-assisted, Mechanochemical), and Region - Global forecast to 2030 " The global Metal...