si ETSI Open Source MANO announces Release FIFTEEN, leaner and easier to maintain By www.etsi.org Published On :: Mon, 08 Apr 2024 10:24:02 GMT Sophia Antipolis, 21 December 2023 The ETSI Open Source MANO community is proud to announce OSM Release FIFTEEN, meeting the well-established cadence of two releases per year. The OSM community delivers one Long Term Support (LTS) and one regular release every year, to ensure the OSM user base is provided with continuous innovations and production-ready stability. Read More... Full Article
si ETSI Protection Profile for securing smartphones gains world-first certification from French Cybersecurity Agency By www.etsi.org Published On :: Fri, 12 Apr 2024 09:05:05 GMT Sophia Antipolis, 12 January 2024 In a significant step highlighting the critical importance of security for mobile device users, the French National Cybersecurity Agency (ANSSI) has certified ETSI's Consumer Mobile Device Protection Profile under the Common Criteria global certification framework. This represents the first certification by a national administration of a comprehensive suite of specifications for assessing the security of smartphones. Read More... Full Article
si ETSI Releases Ground-breaking Technical Report to mitigate technology-enabled Coercive Control By www.etsi.org Published On :: Fri, 12 Apr 2024 09:02:36 GMT Sophia Antipolis, 31 January 2024 The European Telecommunications Standards Institute (ETSI) has published a significant new technical report, "ETSI TR 103 936 V1.1.1 (2024-01): Cyber Security; Implementing Design Practices to Mitigate Consumer IoT-Enabled Coercive Control". This pioneering document addresses the increasingly important issue of safeguarding individuals from coercive control through the misuse of consumer Internet of Things (IoT) devices. Coercive control encompasses a range of abusive acts such as security breaches, privacy invasions, harassment, physical assault, and other patterns of behaviour that can limit autonomy or cause emotional harm to potential targets. Read More... Full Article
si ETSI Standardization in support of AI By www.etsi.org Published On :: Fri, 12 Apr 2024 09:01:07 GMT Sophia Antipolis, 13 February 2024 Sharing intelligence: ETSI AI Conference highlights role of standardization in supporting ICT industry transformation. Held at ETSI’s Sophia Antipolis headquarters from 5-7 February, the event welcomed close to 200 participants from 25+ countries, with featured speakers including AI experts from government agencies, standards bodies, academia and industry. Artificial Intelligence/Machine Learning (AI/ML) technologies are enabling disruptive new applications across a wide range of digital products and services. Reviewing the current status of AI developments worldwide, the Conference explored the role of standardization in ETSI and other SDOs to support the development of a robust market for safe, lawful AI applications and services within the framework of European policymaking. Read More... Full Article
si Future confidence: Inaugural LTA Signature Augmentation and Validation Plugtests™ focuses on Long-Term Archive signatures By www.etsi.org Published On :: Fri, 12 Apr 2024 08:59:25 GMT Sophia Antipolis, 21 February 2024 ETSI’s first LTA Signature Augmentation and Validation Plugtests™ has seen international participants exchange over 35 000 digital signature validation reports. Held from 23 October - 22 December 2023, the remote interoperability event was organized by the ETSI Centre for Testing and Interoperability (CTI), on behalf of ETSI’s Technical Committee for Electronic Signatures and Trust Infrastructures (TC ESI). This Plugtests™ event was facilitated with the support and co-funding of the European Commission (EC) and the European Free Trade Association (EFTA). Conducted using a dedicated web portal, sessions over the month-long Plugtests™ attracted the involvement of 190 participants from 121 organizations across 38 countries. Read More... Full Article
si ETSI releases its two first reports on THz communication systems By www.etsi.org Published On :: Fri, 12 Apr 2024 08:58:10 GMT Sophia Antipolis, 05 April 2024 ETSI is pleased to announce the release of the first two Group Reports developed by its Terahertz Industry Specification Group (ISG THz). They are addressing key elements in this initial phase of the pre-standardization works for THz communications: the use-cases and the spectrum. The role of ETSI ISG THz is to develop an environment where various actors from the academia, research centres, industry can share, in a consensus-driven way, their pre-standardization efforts on THz technology resulting from various collaborative research projects and global initiatives, paving the way towards future standardization. Complementing the work of other ETSI Technical Bodies and other SDOs, the group concentrates on establishing the technical foundation for the development and standardization of THz communications. Read More... Full Article
si Aiming high: ETSI Conference on Non-Terrestrial Networks underlines critical role of NTN in realizing tomorrow’s global 6G vision By www.etsi.org Published On :: Tue, 16 Apr 2024 08:12:24 GMT Sophia Antipolis, 15 April 2024 This year’s first ETSI Conference on Non-Terrestrial Networks has stressed the importance of technical standardization in delivering a fully connected planet via NTN, a key element of tomorrow’s global 6G networks. Held from 3-4 April 2024 at ETSI’s Sophia Antipolis headquarters, the event was co-organized with the European Space Agency (ESA), the 6G Smart Networks and Services Industry Association (6G-IA) and the Smart Networks and Services Joint Undertaking (SNS JU). Titled ‘Non-Terrestrial Networks, a Native Component of 6G’, the 2-day conference attracted over 200 participants from 25 countries, including experts in standardization and research as well as industrial representation from the mobile, satellite and wider space industries. Delegates shared perspectives on NTN use cases, candidate technology solutions, current research status and standardization roadmaps. Day one sessions focused on the opportunities and challenges of integrating terrestrial and non-terrestrial networks within tomorrow’s global communications landscape. The second day afforded a deep dive into numerous cutting-edge NTN and 6G research & development initiatives in Europe and around the world. Read More... Full Article
si ETSI Multi-access Edge Computing completed Phase 3 Work and started Phase 4 By www.etsi.org Published On :: Mon, 15 Apr 2024 16:58:35 GMT Sophia Antipolis, 15 April 2024 ETSI Multi-access Edge Computing completed Phase 3 Work and started Phase 4 Leading to more effective and fruitful cross organization collaboration In the last three months, ETSI ISG MEC has released its final set of Phase 3 specifications and made significant progress on Phase 4 with the opening of new Work Items. In particular, the last Phase 3 version of MEC 011 (Edge Platform Application Enablement) contains the updates related to the latest alignment with 3GPP on CAPIF, thanks to a fruitful collaboration with SA6, CT3 and SA3 groups. Also, ISG MEC produced an updated version of MEC 040 (Federation Enablement APIs), that carefully considered the relevant work of other industry bodies relating to MEC federation and all relevant work done in ETSI. This work is critical for supporting the requirements from GSMA OPG (Operator Platform Group) to enable inter-MEC system communication and allow 5G operators to collaborate among themselves, with service cloud providers and with other stakeholders. New APIs are introduced for the enablement of MEC federation, helping operators to "federate" edge computing resources by offering their MEC service capabilities for mutual consumption, application developers and end-customers (e.g. vertical markets). Read More... Full Article
si ETSI elects Director-General Jan Ellsberger By www.etsi.org Published On :: Wed, 17 Apr 2024 16:15:59 GMT ETSI elects Director-General Jan Ellsberger Sophia Antipolis, 17 April 2024 During their 83rd General Assembly, 16-17 April 2024, ETSI members elected the ETSI Director-General Mr. Jan Ellsberger with a majority on the third ballot. Read More... Full Article
si ETSI unveils 2024 Fellows rewarding outstanding personal contribution By www.etsi.org Published On :: Fri, 19 Apr 2024 12:22:23 GMT Sophia Antipolis, 18 April 2024 ETSI is pleased to unveil its 2024 ETSI Fellows who were announced at the 83rd ETSI General Assembly on 16 April 2024.The Award Committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General, unanimously named Dr. Howard Benn, Mr. Philippe Magneron, Dr. Matthias Schneider, Mrs. Isabelle Valet Harper and Mr. Dirk Weiler, as ETSI Fellows 2024 for their outstanding personal contributions to the organization. Read More... Full Article
si Preparing for a secure future: industry and business share plans for quantum era at 10th ETSI/IQC Quantum-Safe Cryptography Conference By www.etsi.org Published On :: Mon, 08 Jul 2024 08:56:55 GMT Sophia Antipolis, 24 May 2024 Speakers at the 10th ETSI/IQC Quantum Safe Cryptography Conference have called on organizations to prepare their cybersecurity infrastructures to address the challenges of a post-quantum world. Organized by ETSI and the Institute for Quantum Computing, this year’s conference was hosted from 14-16 May by the Centre for Quantum Technologies (CQT), National University of Singapore (NUS), in partnership with the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency (CSA) of Singapore. The event attracted an impressive 235 onsite delegates from 27 countries, reflecting fast-growing interest worldwide in the critical importance of quantum-safe cryptography in today’s cybersecurity strategies. Read More... Full Article
si Collaboration with Utrecht University Summer School By www.etsi.org Published On :: Mon, 08 Jul 2024 08:59:16 GMT Sophia Antipolis, 11 June 2024 ETSI, the Standards People, are putting high emphasis on enhancing education to help prepare the next generation of standards professionals master tech standardization. The European standardization organization provides a comprehensive set of high-quality educational materials on ICT standardization aimed at universities, NSOs and member organizations for training purposes. This comprises a textbook on ‘Understanding ICT Standardization’ which is complemented by a modular slide set allowing components to be used in a range of engineering, business, and law courses. ETSI is pleased to announce a new collaboration with the Utrecht University Summer School on ‘Global Power and Technology’ covering ‘Competition, Innovation & Technological Advancement through Standardization in the EU’, taking place on 15-19 July 2024 in the Netherlands. Read More... Full Article
si ETSI Announces 1st Release of SDG OpenCAPIF Delivering a Robust, Secure, and Efficient 3GPP API Management Platform By www.etsi.org Published On :: Fri, 12 Jul 2024 08:12:20 GMT Sophia Antipolis, 9 July 2024 ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs. OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G. Read More... Full Article
si ETSI SDG OSL makes publicly available its 2024Q2 Release By www.etsi.org Published On :: Mon, 29 Jul 2024 12:34:59 GMT Sophia Antipolis, 29 July 2024 We are thrilled to announce our latest official release of OpenSlice, proudly brought to you by ETSI Software Development Group OpenSlice (SDG OSL). This marks our first release under the ETSI umbrella, reflecting our commitment to excellence and innovation in the field of open-source Operations Support System (OSS) solutions. We want to keep the community’s interest on par with our highest passion and expectation to revolutionize the way Network as a Service (NaaS) is delivered, and our latest release is a testament to our dedication! With this new release, we introduce significant changes aimed at enhancing user engagement and addressing the contemporary needs of both research and industry sectors on the matter. "The latest OpenSlice 2024Q2 version is a manifest to our commitment to pave the way for modern telco-cloud requirements, seamless integration and reference implementations for 6G" - Christos Tranoris, Senior Research at UPATRAS and Chair of ETSI SDG OSL. Read More... Full Article
si ETSI Open Source MANO announces Release SIXTEEN, enabling cloud-native orchestration of cloud infrastructure and applications By www.etsi.org Published On :: Wed, 04 Sep 2024 10:25:15 GMT Sophia Antipolis, 4 September 2024 The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date. This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM. Read More... Full Article
si ETSI NFV Release 5 (Version 5.1.1) is now available! By www.etsi.org Published On :: Thu, 05 Sep 2024 14:09:20 GMT Sophia Antipolis, 5 September 2024 The ETSI Industry Specification Group for Network Functions Virtualization (ISG NFV) has just published its specifications of Release 5 first drop as version 5.1.1. Read More... Full Article
si ETSI and 5GAA driving interoperability as C-V2X tests hit a 94% success rate By www.etsi.org Published On :: Mon, 30 Sep 2024 13:32:49 GMT Sophia Antipolis, 30 September 2024 Direct communications between vehicles, pedestrians and infrastructure based on 3GPP and ETSI TC ITS standards have been tested during the 4th C-V2X Plugtests™ interoperability event in Malaga, Spain, hosted by DEKRA (September 10- 13, 2024). In partnership with 5GAA, this Cellular Vehicle-to-Everything (C-V2X) and ITS technologies event attracted the participation of 24 companies and 82 experts – both onsite and via remote connections – with 94% of the planned tests, based on over 60 test scenarios, successfully completed. Read More... Full Article
si ETSI completes F5G Advanced Release 3 enabling 10Gbits to everybody By www.etsi.org Published On :: Tue, 08 Oct 2024 10:38:31 GMT Sophia Antipolis, 8 October 2024 ETSI announces the completion of its Release 3 specifications on Fifth Generation Advanced Fixed Network (F5G-A). Building on the achievements of the Release 1 and Release 2, the ETSI ISG F5G has specified a series of new features and capabilities, further elevating fixed fiber networks to a new level: Specification of F5G AdvancedETSI ISG F5G unveiled the "F5G Advanced Generation Definition", which not only further enhances existing three foundational features of F5G-Enhanced Fixed Broadband (eFBB), Full Fiber Connectivity (FFC), and Guaranteed Reliable Experience (GRE), but also introduces three new key features: Real-time Resilient Link (RRL), Optical Sensing and Visualization (OSV), and Green Agile Optical network (GAO). Read More... Full Article
si ETSI Security Conference 2024 By www.etsi.org Published On :: Mon, 21 Oct 2024 07:38:09 GMT Sophia Antipolis, 18 October 2024 One of the event highlights of the year - the ETSI Security Conference – has closed its doors at the end of expert discussions on a range of cybersecurity standardization topics. 195 onsite attendees enjoyed presentations across multiple sessions, over three and a half days, as well as networking opportunities at the breaks - extending into the evening - during the ETSI hosted social events. Read More... Full Article
si ETSI Releases New Guidelines to Enhance Cyber-security for Consumer IoT Devices By www.etsi.org Published On :: Thu, 31 Oct 2024 10:43:56 GMT Sophia Antipolis, 31 October 2024 Protect Confidentiality, Integrity and Availability of Data as Smart Devices Proliferate. Read More... Full Article
si ETSI announces TeraFlowSDN Release 4 By www.etsi.org Published On :: Wed, 06 Nov 2024 13:35:29 GMT Sophia Antipolis, 6 November 2024 End-to-end Network Automation and Security Framework Read More... Full Article
si A Galaxy Within: Single-Cell Genomics Open a New Frontier to Understanding the Brain By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Thu, 14 Nov 2024 20:00:00 -050011/14/2024 06:00:00PMLocation: montreal, Canada Full Article
si One-on-One with President Deep Saini By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Wed, 27 Nov 2024 13:00:00 -050011/27/2024 12:00:00PMLocation: Montreal, Canada Full Article
si MAA of Brome-Missisquoi Holiday Season Gathering By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Sat, 30 Nov 2024 20:00:00 -050011/30/2024 05:00:00PMLocation: Lac-Brome (Knowlton), Canada Full Article
si Vancouver: Professional Networking By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Thu, 12 Dec 2024 09:30:00 -050012/12/2024 08:00:00AMLocation: Vancouver, Canada Full Article
si Choosing Future Population By nationalhumanitiescenter.org Published On :: Wed, 24 Feb 2010 10:43:52 -0400 New essay by Joel E. Cohen just added to Nature Transformed: The Environment in American History, TeacherServe from the National Humanities Center. Full Article
si Notice of Coming into Force of National Instrument 93-101 Derivatives: Business Conduct By www.osc.ca Published On :: Thu, 26 Sep 2024 13:51:06 GMT National Instrument 93-101 Derivatives: Business Conduct (the Rule) will come into force on September 28, 2024 (the Effective Date), pursuant to section 143.4 of the Securities Act (Ontario). Full Article
si Multilateral Instrument 93-101 Derivatives: Business Conduct By www.osc.ca Published On :: Thu, 26 Sep 2024 14:03:22 GMT This document is only available as a PDF. Full Article
si Companion Policy 93-101 Derivatives: Business Conduct By www.osc.ca Published On :: Thu, 26 Sep 2024 14:11:27 GMT This document is only available as a PDF. Full Article
si Notice of Ministerial Approval of Amendments to OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting and Consequential Amendments to OSC Rule 13-502 Fees By www.osc.ca Published On :: Thu, 10 Oct 2024 14:22:57 GMT The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to Full Article
si Amendments to OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting By www.osc.ca Published On :: Thu, 10 Oct 2024 14:35:58 GMT 1. Ontario Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting is amended by this Instrument. Full Article
si Detailed Data on Balance of Issuers in ninth Staff Review of Disclosure regarding Women on Boards and in Executive Officer Positions By www.osc.ca Published On :: Tue, 29 Oct 2024 15:24:59 GMT Full Article
si CSA Multilateral Staff Notice 58-317 - Review of Disclosure Regarding Women on Boards and in Executive Officer Positions - Year 10 Report By www.osc.ca Published On :: Tue, 29 Oct 2024 15:41:58 GMT This document is only available in PDF format. Full Article
si Detailed Data on CSA Multilateral Staff Notice 58-317 Report on tenth Staff Review of Disclosure regarding Women on Boards and in Executive Officer Positions By www.osc.ca Published On :: Tue, 29 Oct 2024 15:53:42 GMT Full Article
si Ontario Securities Commission – Coordinated Blanket Order 96-932 By www.osc.ca Published On :: Wed, 30 Oct 2024 18:21:33 GMT This document is only available as a PDF. Full Article
si Graphic Designer II By phf.tbe.taleo.net Published On :: Thu, 11 Jul 2024 20:27:58 GMT Job Summary The International Food Policy Research Institute (IFPRI) seeks a highly motivated Graphic Designer II to join our Communications and Public Affairs team. This position is a one-year, renewable appointment, based in its New Delhi office, India and report to the Manager for Creative Solutions, who is based in Washington, DC. The Graphic Designer will produce high-quality and professional visual communication products to promote IFPRI's research to a diverse range of target audiences and through multiple channels. The successful candidate will be an enthusiastic, creative, and team-oriented individual with experience designing and delivering compelling visual communication outputs in a dynamic environment. Interested candidates should submit a resume, cover letter, and a portfolio demonstrating their graphic design work. The portfolio should include a variety of projects showcasing skills in typography, layout, creativity, and use of design software (Adobe InDesign, Illustrator, Photoshop, and Canva) and include. links to digital portfolios or PDF attachments. Applications without a portfolio will not be considered. Interested applicants must have work authorization to work in India. Essential Duties: Specific duties and responsibilities include but are not limited to: Design both print and digital visual communication products: Develop multiple design concepts and carry them through to final delivery, including but not limited to conference banners, brochures, data visualizations, flyers, posters, presentations, research reports, and websites. Layout print publications: Design and layout policy papers and reports while assisting in the creation of flexible InDesign templates. Create engaging digital content: Design visual content for the IFPRI website, interactive applications, social media, and email campaigns. Apply design principles: Utilize knowledge of layout, color theory, typography, and iconography to execute a wide variety of graphic design projects for both print and digital media. Provide branding guidance: Insure IFPRI products adhere to a consistent visual style and uphold professional standards, providing branding guidance to staff as needed. Brand design: Develop and execute creative concepts for branding, including logos, typography, color palettes, and overall visual identity. Innovate in interactive design: Lead initiatives on using innovative methods of interactive design to communicate research findings to both new and established audiences. Web Design: Develop visual design for IFPRI’s main website and microsites, ensure adherence to style guidelines. Coordinate printing: Manage the printing process of IFPRI publications and materials with local and international vendors. Collaborate effectively: Work collaboratively across the institution to ensure the timely delivery of high-quality design deliverables. Monitor and educate on digital trends: Stay updated on current digital trends, technologies, and industry standards, and educate both the team and IFPRI staff on best practices. Required Qualifications: Bachelor's Degree in Art Design, Fine arts, Communications, Marketing or related field plus five years of relevant professional experience or Master’s plus three years in related field. Experience in graphic design, producing high-quality artwork, illustrations, and other graphics for communication purposes, including websites. Proven graphic design experience with a strong portfolio demonstrating excellent typography, layout, and creativity. Extensive experience with Adobe InDesign, Illustrator, and Photoshop. Basic knowledge/understanding of DTP software like Corel Draw. Proficiency in using Canva for creating and managing visual content. In-depth knowledge and understanding of social media and web platforms, with demonstrated experience generating engaging content. Familiarity with designing within PowerPoint and MS Word. Ability to work quickly to meet tight deadlines and handle multiple projects simultaneously. Outstanding organizational and planning skills, with exceptional attention to detail. Strong interpersonal and collaboration skills; proven ability to be flexible in a team-oriented environment with diverse groups of people. Physical Demand & Work environment: Employee will sit in an upright position for a long period of time. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as: data preparation, web-scraping, preparing, and analyzing data and figure s; dashboard; viewing computer terminal; extensive coding. Full Article
si Research Assistant/ Research Analyst I By phf.tbe.taleo.net Published On :: Wed, 24 Jul 2024 13:45:28 GMT Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as a Research Assistants/ Research Analyst I in its Development Strategies and Governance Unit for the Sudan Strategy Support Program. This is a one-year, renewable appointment. The successful candidates will work with senior research staff in the analysis of agriculture, rural development, food and nutrition security and related policies and other research activities including research work related to the ensuing conflict in Sudan. The incumbent will work under the overall guidance of the IFPRI Sudan Program Leader but will be employed directly by IFPRl's organizational host, the Arab Organization for Agricultural Development (AOAD) - employment policies, compensation, and benefits of AOAD will apply to this position. Interested applicants must have authorization to work in Sudan. The final grade level will be determined by level of education and years of relevant work experience. Essential Duties: Specific Duties include but are not limited to: Assist the collection of primary and secondary data, Asist build large dataset from multiple sources, Assist to analyze data using advance analytical methods, Assist in conducting literature reviews and synthesis, Assist in drafting and translating reports, research papers, and blog posts between English and Arabic languages, Assist in capacity building and support outreach activities, Assist to coordinate projects and conduct other duties as assigned. Required Qualifications: Research Assistant: Bachelor's or its equivalent in Economics, Agricultural Economics, Statistics, or closely related fields, Research Analyst: Bachelor’s degree plus two years of relevant professional experience or Master’s degree in a relevant discipline, Excellent knowledge of macroeconomic and/or microeconomic theory, Excellent knowledge of and quantitative econometric methods and/or economic modeling, Excellent knowledge of Stata and/or GAMS, Excellent analytical mind and drafting skills, Demonstrated fluency in written and spoken English and Arabic , Excellent interpersonal skills and to work in a team-oriented multi-cultural environment, Demonstrated ability to multi-task, meet deadlines, and manage time, Demonstrated professional level of attention to detail and accuracy of work, Ability to work independently and take initiative, Willingness to travel. Preferred Qualifications: Previous experience conducting research on and collecting data in Sudan. Familiarity with the literature on economic and agriculture development, food security, poverty reduction and related fields. Previous experience related to policy analysis and impact evaluation. Experience with spatial analysis and ARC-GIS. Experience with policy communication activities and events organization. Experience with managing websites and updating their contents. Experience in academia, the private sector, a development-oriented organization, or comparable institution, Physical Demand & Work environment Employee will sit in an upright position for a long period of time. Employee will lift between 0-10 pounds. Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Full Article
si Assessing social media impact – a workshop at ScienceOnline #scioimpact By www.nature.com Published On :: Mon, 28 Jan 2013 15:00:33 +0000 Assessing social media impact was one of the workshop sessions at November’s SpotOn London conference, Full Article Featured Outreach Tools #scio13 #scioimpact
si SpotOn London Storify: Wikipedia editing session By www.nature.com Published On :: Mon, 11 Nov 2013 15:16:19 +0000 Here is a Storify collecting the online conversations from the Wikipedia editing workshop at this year’s Full Article Featured SpotOn London (#SoLo) Storifys Tools #solo13wiki
si Measures for Advancing Gender Equality (MAGNET) Website By www.youtube.com Published On :: Wed, 26 Jun 2024 14:10:42 GMT Full Article
si How should governments respond to crises? Rapid response using RIAPA modeling system By www.youtube.com Published On :: Tue, 13 Aug 2024 20:58:25 GMT Full Article
si Empowering Women: Inclusion in India's Government Planning (Short Version) By www.youtube.com Published On :: Tue, 20 Aug 2024 15:27:07 GMT Full Article
si Empowering Women: Inclusion in India's Government Planning (Odia Subtitles) By www.youtube.com Published On :: Fri, 23 Aug 2024 21:55:19 GMT Full Article
si From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25 By www.tenable.com Published On :: Tue, 22 Oct 2024 11:11:11 -0400 Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.BackgroundIn January 1999, David E. Mann and Steven M. Christey published the paper “Towards a Common Enumeration of Vulnerabilities” describing an effort to create interoperability between multiple vulnerability databases. To achieve a common taxonomy for vulnerabilities and exposures, they proposed Common Vulnerabilities and Exposures (CVE). In September 1999, the MITRE Corporation finalized the first CVE list, which included 321 records. CVE was revealed to the world the following month.As of October 2024, there are over 240,000 CVEs. including many that have significantly impacted consumers, businesses and governments. The Tenable Security Response Team has chosen to highlight the following 25 significant vulnerabilities, followed by links to product coverage for Tenable customers to utilize.25 Significant CVEsCVE-1999-0211: SunOS Arbitrary Read/Write VulnerabilityArbitrary ReadArbitrary WriteLocalCritical1999Why it’s significant: To our knowledge, there is no formally recognized “first CVE.” However, the GitHub repository for CVE.org shows that the first CVE submitted was CVE-1999-0211 on September 29, 1999 at 12:00AM. Because it was the first one, we’ve chosen to highlight it. The vulnerability was first identified in 1991 and a revised patch was issued in 1994.CVE-2010-2568: Windows Shell Remote Code Execution VulnerabilityRemote Code ExecutionExploitedZero-DayLocalStuxnetHigh2010Why it’s significant: Regarded as one of the most sophisticated cyberespionage tools ever created, Stuxnet was designed to target SCADA systems in industrial environments to reportedly sabotage Iran's nuclear program. Stuxnet exploited CVE-2010-2568 as one of its initial infection vectors, spreading via removable drives. Once a compromised USB drive was inserted into a system, Stuxnet was executed automatically via the vulnerability, infecting the host machine, propagating to other systems through network shares and additional USB drives.CVE-2014-0160: OpenSSL Information Disclosure VulnerabilityHeartbleedInformation DisclosureExploitedZero-DayNetworkCybercriminalsHigh2014Why it’s significant: Dubbed “Heartbleed” because it was found in the Heartbeat extension of OpenSSL, this vulnerability allows an attacker, without prior authentication, to send a malicious heartbeat request with a false length field, claiming the packet contains more data than it does. The receiving system would then return data from its memory extending beyond the legitimate request, which may include sensitive private data, such as server keys and user credentials. OpenSSL is used by millions of websites, cloud services, and even VPN software, for encryption, making Heartbleed one of the most widespread vulnerabilities at the time.CVE-2014-6271: GNU Bash Shellshock Remote Code Execution VulnerabilityShellshock Bash Bug Remote Code ExecutionExploitedZero-DayNetworkCybercriminalsCritical2014Why it’s significant: An attacker could craft an environment variable that contained both a function definition and additional malicious code. When Bash, a command interpreter used by Unix-based systems including Linux and macOS, processed this variable, it would execute the function, but also run the arbitrary commands appended after the function definition. “Shellshock” quickly became one of the most severe vulnerabilities discovered, comparable to Heartbleed’s potential impact. Attackers could exploit Shellshock to gain full control of vulnerable systems, leading to data breaches, service interruptions and malware deployment. The impact extended far beyond local systems. Bash is used by numerous services, particularly web servers, via CGI scripts to handle HTTP requests.CVE-2015-5119: Adobe Flash Player Use After FreeRemote Code Execution Denial-of-ServiceExploitedZero-DayCybercriminalsAPT GroupsCritical2015Why it’s significant: Discovered during the Hacking Team data breach, it was quickly weaponized, appearing in multiple exploit kits. CVE-2015-5119 is a use-after-free flaw in Flash’s ActionScript ByteArray class, allowing attackers to execute arbitrary code by tricking users into visiting a compromised website. It was quickly integrated into attack frameworks used by Advanced Persistent Threat (APT) groups like APT3, APT18, and Fancy Bear (APT28). These groups, with ties to China and Russia, used the vulnerability to spy on and steal data from governments and corporations. Fancy Bear has been associated with nation-state cyber warfare, exploiting Flash vulnerabilities for political and military intelligence information gathering. This flaw, along with several other Flash vulnerabilities, highlighted Flash’s risks, accelerating its eventual phase-out.CVE-2017-11882: Microsoft Office Equation Editor Remote Code Execution VulnerabilityRemote Code ExecutionExploitedNetworkCybercriminalsAPT GroupsHigh2017Why it’s significant: The vulnerability existed for 17 years in Equation Editor (EQNEDT32.EXE), a Microsoft Office legacy component used to insert and edit complex mathematical equations within documents. Once CVE-2017-11882 became public, cybercriminals and APT groups included it in maliciously crafted Office files. It became one of 2018’s most exploited vulnerabilities and continues to be utilized by various threat actors including SideWinder.CVE-2017-0144: Windows SMB Remote Code Execution VulnerabilityEternalBlueRemote Code ExecutionExploitedNetworkWannaCry NotPetyaHigh2017Why it’s significant: CVE-2017-0144 was discovered by the National Security Agency (NSA) and leaked by a hacker group known as Shadow Brokers, making it widely accessible. Dubbed “EternalBlue,” its capacity to propagate laterally through networks, often infecting unpatched machines without human interaction, made it highly dangerous. It was weaponized in the WannaCry ransomware attack in May 2017 and spread globally. It was reused by NotPetya, a data-destroying wiper originally disguised as ransomware. NotPetya targeted companies in Ukraine before spreading worldwide. This made it one of history’s costliest cyberattacks.CVE-2017-5638: Apache Struts 2 Jakarta Multipart Parser Remote Code Execution VulnerabilityRemote Code ExecutionExploitedNetworkEquifax BreachCritical2017Why it’s significant: This vulnerability affects the Jakarta Multipart Parser in Apache Struts 2, a popular framework for building Java web applications. An attacker can exploit it by injecting malicious code into HTTP headers during file uploads, resulting in remote code execution (RCE), giving attackers control of the web server. CVE-2017-5638 was used in the Equifax breach, where personal and financial data of 147 million people was stolen, emphasizing the importance of patching widely-used frameworks, particularly in enterprise environments, to prevent catastrophic data breaches.CVE-2019-0708: Remote Desktop Services Remote Code Execution VulnerabilityBlueKeep DejaBlue Remote Code ExecutionExploitedNetworkRansomware GroupsCybercriminalsCritical2019Why it’s significant: Dubbed "BlueKeep," this vulnerability in Windows Remote Desktop Services (RDS) was significant for its potential for widespread, self-propagating attacks, similar to the infamous WannaCry ransomware. An attacker could exploit this flaw to execute arbitrary code and take full control of a machine through Remote Desktop Protocol (RDP), a common method for remote administration. BlueKeep was featured in the Top Routinely Exploited Vulnerabilities list in 2022 and was exploited by affiliates of the LockBit ransomware group.CVE-2020-0796: Windows SMBv3 Client/Server Remote Code Execution VulnerabilitySMBGhost EternalDarknessRemote Code ExecutionExploited NetworkCybercriminalsRansomware GroupsCritical2020Why it’s significant: Its discovery evoked memories of EternalBlue because of the potential for it to be wormable, which is what led to it becoming a named vulnerability. Researchers found it trivial to identify the flaw and develop proof-of-concept (PoC) exploits for it. It was exploited in the wild by cybercriminals, including the Conti ransomware group and its affiliates.CVE-2019-19781: Citrix ADC and Gateway Remote Code Execution VulnerabilityPath TraversalExploitedNetworkAPT GroupsRansomware GroupsCybercriminalsCritical2019Why it’s significant: This vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway is significant due to its rapid exploitation by multiple threat actors, including state-sponsored groups and ransomware affiliates. By sending crafted HTTP requests, attackers could gain RCE and take full control of affected devices to install malware or steal data. The vulnerability remained unpatched for a month after its disclosure, leading to widespread exploitation. Unpatched systems are still being targeted today, highlighting the risk of ignoring known vulnerabilities.CVE-2019-10149: Exim Remote Command Execution VulnerabilityRemote Command ExecutionExploitedNetworkAPT GroupsCybercriminalsCritical2019Why it’s significant: This vulnerability in Exim, a popular Mail Transfer Agent, allows attackers to execute arbitrary commands with root privileges simply by sending a specially crafted email. The availability of public exploits led to widespread scanning and exploitation of vulnerable Exim servers, with attackers using compromised systems to install cryptocurrency miners (cryptominers), launch internal attacks or establish persistent backdoors. The NSA warned that state-sponsored actors were actively exploiting this flaw to compromise email servers and gather sensitive information.CVE-2020-1472: Netlogon Elevation of Privilege VulnerabilityZerologonElevation of PrivilegeExploitedLocalRansomware GroupsAPT GroupsCybercriminalsCritical2020Why it’s significant: This vulnerability in the Netlogon Remote Protocol (MS-NRPC) allows attackers with network access to a Windows domain controller to reset its password, enabling them to impersonate the domain controller and potentially take over the entire domain. Its severity was underscored when Microsoft reported active exploitation less than two months after disclosure and the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to patch the flaw. Despite available patches, it continues to be exploited by ransomware groups, APT groups, and others, highlighting its broad and ongoing impact on network security.CVE-2017-5753: CPU Speculative Execution Bounds Check Bypass VulnerabilitySpectreSpeculative Execution Bounds Check BypassLocalMedium2018Why it’s significant: In a speculative execution process, an idle microprocessor waiting to receive data speculates what the next instruction might be. Although meant to enhance performance, this process became a fundamental design flaw affecting the security of numerous modern processors. In Spectre’s case, an attacker-controlled process could read arbitrary memory belonging to another process. Since its discovery in January 2018, Spectre has affected nearly all modern processors from Intel, AMD and ARM. While it’s difficult to execute a successful Spectre attack, fully remediating the root cause is hard and requires microcode as well as operating system updates to mitigate the risk.CVE-2017-5754: CPU Speculative Execution Rogue Data Cache Load VulnerabilityMeltdownSpeculative Execution Rogue Data Cache LoadLocalHigh2018Why it’s significant: Meltdown, another speculative execution vulnerability released alongside Spectre, can allow a userspace program to read privileged kernel memory. It exploits a race condition between the memory access and privilege checking while speculatively executing instructions. Meltdown impacts desktop, laptop and cloud systems and, according to researchers, may affect nearly every Intel processor released since 1995. With a wide reaching impact, both Spectre and Meltdown sparked major interest in a largely unexplored security area. The result: a slew of research and vulnerability discoveries, many of which were also given names and logos. While there’s no evidence of a successful Meltdown exploit, the discovery showcased the risk of security boundaries enforced by hardware.CVE-2021-36942: Windows LSA Spoofing VulnerabilityPetitPotamSpoofingExploitedZero-DayNetworkRansomware GroupsHigh2021Why it’s significant: This vulnerability can force domain controllers to authenticate to an attacker-controlled destination. Shortly after a PoC was disclosed, it was adopted by ransomware groups like LockFile, which have chained Microsoft Exchange vulnerabilities with PetitPotam to take over domain controllers. Patched in the August 2021 Patch Tuesday release, the initial patch for CVE-2021-36942 only partially mitigated the issue, with Microsoft pushing general mitigation guidance for defending against NTLM Relay Attacks.CVE-2022-30190: Microsoft Windows Support Diagnostic Tool Remote Code ExecutionFollinaRemote Code ExecutionExploitedZero-DayLocalQakbot RemcosHigh2022Why it’s significant: Follina, a zero-day RCE vulnerability in MSDT impacting several versions of Microsoft Office, was later designated CVE-2022-30190. After public disclosure in May 2022, Microsoft patched Follina in the June 2022 Patch Tuesday. After disclosure, reports suggested that Microsoft dismissed the flaw’s initial disclosure as early as April 2022. Follina has been widely adopted by threat actors and was associated with some of 2021’s top malware strains in a joint cybersecurity advisory from CISA and the Australian Cyber Security Centre (ACSC), operating under the Australian Signals Directorate (ASD).CVE-2021-44228: Apache Log4j Remote Code Execution VulnerabilityLog4ShellRemote Code ExecutionExploitedNetworkCybercriminalsAPT GroupsCritical2021Why it’s significant: Log4j, a Java logging library widely used across many products and services, created a large attack surface. The discovery of CVE-2021-44228, dubbed “Log4Shell,” caused great concern, as exploitation simply requires sending a specially crafted request to a server running a vulnerable version of Log4j. After its disclosure, Log4Shell was exploited in attacks by cryptominers, DDoS botnets, ransomware groups and APT groups including those affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC).CVE-2021-26855: Microsoft Exchange Server Server-Side Request Forgery VulnerabilityProxyLogonServer-Side Request Forgery (SSRF)ExploitedZero-DayNetworkAPT Groups Ransomware GroupsCybercriminalsCritical2021Why it’s significant: CVE-2021-26855 was discovered as a zero-day along with four other vulnerabilities in Microsoft Exchange Server. It was exploited by a nation-state threat actor dubbed HAFNIUM. By sending a specially crafted HTTP request to a vulnerable Exchange Server, an attacker could steal the contents of user mailboxes using ProxyLogon. Outside of HAFNIUM, ProxyLogon has been used by ransomware groups and other cybercriminals. Its discovery created a domino effect, as other Exchange Server flaws, including ProxyShell and ProxyNotShell, were discovered, disclosed and subsequently exploited by attackers.CVE-2021-34527: Microsoft Windows Print Spooler Remote Code Execution VulnerabilityPrintNightmareRemote Code ExecutionExploitedLocalAPT GroupsRansomware GroupsCybercriminalsHigh2021Why it’s significant: This RCE in the ubiquitous Windows Print Spooler could grant authenticated attackers arbitrary code execution privileges as SYSTEM. There was confusion surrounding the disclosure of this flaw, identified as CVE-2021-34527 and dubbed “PrintNightmare.” Originally, CVE-2021-1675, disclosed in June 2021, was believed to be the real PrintNightmare. However, Microsoft noted CVE-2021-1675 is “similar but distinct” from PrintNightmare. Since its disclosure, several Print Spooler vulnerabilities were disclosed, while a variety of attackers, including the Magniber and Vice Society ransomware groups exploited PrintNightmare.CVE-2021-27101: Accellion File Transfer Appliance (FTA) SQL Injection VulnerabilitySQL InjectionExploitedZero-DayNetworkRansomware GroupCritical2021Why it’s significant: The file transfer appliance from Accellion (now known as Kiteworks) was exploited as a zero-day by the CLOP ransomware group between December 2020 and early 2021. Mandiant, hired by Kiteworks to investigate, determined that CLOP (aka UNC2546) exploited several flaws in FTA including CVE-2021-27101. This was CLOP’s first foray into targeting file transfer solutions, as they provide an easy avenue for the exfiltration of sensitive data that can be used to facilitate extortion.CVE-2023-34362: Progress Software MOVEit Transfer SQL Injection VulnerabilitySQL InjectionExploitedZero-DayNetworkRansomware GroupCritical2023Why it’s significant: CLOP’s targeting of file transfer solutions culminated in the discovery of CVE-2023-34362, a zero-day in Progress Software’s MOVEit Transfer, a secure managed file transfer software. CLOP targeted MOVEit in May 2023 and the ramifications are still felt today. According to research conducted by Emsisoft, 2,773 organizations have been impacted and information on over 95 million individuals has been exposed as of October 2024. This attack underscored the value in targeting file transfer solutions.CVE-2023-4966: Citrix NetScaler and ADC Gateway Sensitive Information Disclosure VulnerabilityCitrixBleedInformation DisclosureExploitedZero-DayNetworkRansomware GroupsAPT GroupsCritical2023Why it’s significant: CVE-2023-4966, also known as “CitrixBleed,” is very simple to exploit. An unauthenticated attacker could send a specially crafted request to a vulnerable NetScaler ADC or Gateway endpoint and obtain valid session tokens from the device’s memory. These session tokens could be replayed back to bypass authentication, and would persist even after the available patches had been applied. CitrixBleed saw mass exploitation after its disclosure, and ransomware groups like LockBit 3.0 and Medusa adopted it.CVE-2023-2868: Barracuda Email Security Gateway (ESG) Remote Command Injection VulnerabilityRemote Command InjectionExploitedZero-DayNetworkAPT GroupsCritical2023Why it’s significant: Researchers found evidence of zero-day exploitation of CVE-2023-2868 in October 2022 by the APT group UNC4841. While Barracuda released patches in May 2023, the FBI issued a flash alert in August 2023 declaring them “ineffective,” stating that “active intrusions” were being observed on patched systems. This led to Barracuda making an unprecedented recommendation for the “immediate replacement of compromised ESG appliances, regardless of patch level.”CVE-2024-3094: XZ Utils Embedded Malicious Code VulnerabilityEmbedded Malicious CodeZero-DayUnknown Threat Actor (Jia Tan)Critical2024Why it’s significant: CVE-2024-3094 is not a traditional vulnerability. It is a CVE assigned for a supply-chain backdoor discovered in XZ Utils, a compression library found in various Linux distributions. Developer Andres Freund discovered the backdoor while investigating SSH performance issues. CVE-2024-3094 highlighted a coordinated supply chain attack by an unknown individual that contributed to the XZ GitHub project for two and a half years, gaining the trust of the developer before introducing the backdoor. The outcome of this supply chain attack could have been worse were it not for Freund’s discovery.Identifying affected systemsA list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages:CVE-1999-0211CVE-2010-2568CVE-2014-0160CVE-2014-6271CVE-2015-5119CVE-2017-11882CVE-2017-0144CVE-2017-5638CVE-2019-0708CVE-2020-0796CVE-2019-19781CVE-2019-10149CVE-2020-1472CVE-2017-5753CVE-2017-5754CVE-2021-36942CVE-2022-30190CVE-2021-44228CVE-2021-26855CVE-2021-34527CVE-2021-27101CVE-2023-34362CVE-2023-4966CVE-2023-2868CVE-2024-3094 Full Article
si OSC publishes gamification research and launches new trading simulation tool for Investor Education Month By www.osc.ca Published On :: Wed, 09 Oct 2024 12:31:40 GMT TORONTO – The Ontario Securities Commission (OSC) today released a new report that studied the impact of gamification on investors. Full Article
si Canadian securities regulators announce results of 10th annual review of representation of women on boards and in executive officer positions in Canada By www.osc.ca Published On :: Tue, 29 Oct 2024 18:20:36 GMT TORONTO – Participating Canadian securities regulators today published the results of their 10th consecutive annual review of disclosures relating to women on boards and in executive officer positions, as well as the underlying data that was used to prepare the report. Full Article
si OSC study finds ESG ratings greatly influence investor decisions but are difficult to understand By www.osc.ca Published On :: Wed, 30 Oct 2024 13:50:36 GMT TORONTO – The Ontario Securities Commission (OSC) today released the results of a study examining the influence of environmental, social and governance (ESG) factors on retail investor decision making. Full Article
si SpotOn London 2012 Storify: Incentivising Open Access and Open Science: Carrot and Stick By www.nature.com Published On :: Tue, 20 Nov 2012 13:12:21 +0000 Here is a Storify round up of the SpotOn London session: Incentivising Open Access and Open Full Article Featured Policy SpotOn London (#SoLo) Storifys #solo12open
si Something is killing the children. Volume 3 / written by James Tynion IV ; illustrated by Werther Dell'Edera ; colored by Miquel Muerto ; lettered by AndWorld Design ; cover by Werther Dell'Edera with colors by Miquel Muerto. By library.gcpl.lib.oh.us Published On :: "As the House of Slaughter arrives to clean up the situation by any means necessary, Erica will find that the true threat to those around her isn't who— or what— she ever expected. And the cost of saving the day may be too high for anyone to pay … ." -- Description provided by publisher. Full Article
si Firefly. Blue Sun rising. Part 1 / created by Joss Whedon ; written by Greg Pak ; illustrated by Dan McDaid, Lalit Kumar Sharma, Daniel Bayliss ; colored by Marcelo Costa ; lettered by Jim Campbell. By library.gcpl.lib.oh.us Published On :: "Sheriff Mal Reynolds has a new partner— a law enforcing robot from the Blue Sun corporation, who doesn't care about motives, about mercy, about anything other than enforcing the law— no matter the cost. The Blue Sun Corporation has helped to run the universe from the shadows for years, but they're ready to step into the light and take over. If Mal wants to keep his job and protect his sector, the smart move would be to play by their rulebook. But for Mal, there's really one choice— reunite the crew of the Serenity for one last impossible job to save the 'verse. Greg Pak and artist Dan McDaid launch Mal & the crew of Serenity into their biggest war yet, officially continuing Joss Whedon's acclaimed series." -- Provided by publisher. Full Article
