This document is only available in PDF format.

Last week I had a wonderful experience attending the 2019 African Green Revolution Forum, held in Accra, Ghana. Many stakeholders, including political leaders, policymakers, researchers, and private sector and civil society representatives, gathered at the Forum, focusing on the role of the digital revolution in driving sustainable food system transformation in Africa. At a plenary […]

Tackling global challenges to food systems means we must better understand the future of aquatic foods. Research is critical to understand emerging opportunities for innovations—including the rise of lab-grown fish—and how these innovations can advance a healthy, sustainable, and equitable food system. To advance this research, I recently had the honor of formalizing a new […]

Recently I had the pleasure of engaging several events focusing on the intersection of food, nutrition, and health in China. First, I participated in the 3rd Belt & Road Initiative Global Health International Congress, held in Xi’an, which brought together stakeholders with a vision to strengthen exchanges and cooperation in health research for the Belt […]

I was delighted to spend the last week in Des Moines, Iowa, on the occasion of this year’s World Food Prize Week. To start the week, I had the pleasure of presenting the report, “How the United States Benefits from Agricultural and Food Security in Developing Countries,” together with the Board for International Food and […]

I had the pleasure of meeting with FAO Director-General Qu Dongyu in Rome this week. On behalf of IFPRI, I had the chance to renew the Memorandum of Understanding with FAO to further strengthen collaboration and partnership toward our shared goal of achieving the Sustainable Development Goals (SDGs) by 2030. Building on successful IFPRI-FAO partnerships, […]

Growing consensus in the scientific community indicates that higher temperatures and changing precipitation levels resulting from climate change will depress crop yields in many countries over the coming decades. This is particularly true in low-income countries, where adaptive capacity is low. Many African countries are particularly vulnerable to climate change because their economies largely depend on climate-sensitive agricultural production.

"Ethiopia's agricultural sector, which is dominated by smallscale, mixed-crop, and livestock farming, is the mainstay of the country's economy. It constitutes more than half of the country's gross domestic product, generates more than 85 percent of foreign exchange earnings, and employs about 80 percent of the population. Unfortunately, Ethiopia's dependence on agriculture makes the country particularly vulnerable to the adverse impactsof climate change on crop and livestock production.

Agricultural production remains the main source of livelihood for rural communities in Sub-Saharan Africa, providing employment to more than 60 percent of the population and contributing about 30 percent of gross domestic product. With likely long-term changes in rainfall patterns and shifting temperature zones, climate change is expected to significantly affect agricultural production, which could be detrimental to the region’s food security and economic growth.

The potential adverse effects of climate change on Ethiopia’s agricultural sector are a major concern, particularly given the country’s dependence on agricultural production. Securing Ethiopia’s economic and social well-being in the face of climate change requires that policymakers and stakeholders work together to integrate climate change adaptation into the country’s development process.

Numerous studies indicate that agricultural production is sensitive to climate variability, and lack of infrastructure in developing countries increases vulnerability to extreme climate events. In Ethiopia, the historical climate record indicates frequent droughts and floods, which can devastate agricultural production and existing infrastructure. Too much precipitation can flood crops, rot or suffocate roots, and wash out roads, creating similar economic conditions to those resulting from drought.

Ethiopia possesses abundant water resources and hydropower potential, yet less than 5 percent of irrigable land in the Blue Nile basin has been developed for food production, and more than 80 percent of Ethiopians lack access to electricity. Consequently, the Ethiopian government is pursuing plans to develop hydropower and irrigation along the Blue Nile River in an effort to tap into this underused potential.

Ethiopia’s agricultural sector, which is dominated by smallscale, mixed crop, and livestock farming, is the mainstay of the country’s economy. It constitutes more than half the nation’s gross domestic product (GDP), generates more than 85 percent of the foreign exchange earnings, and employs about 80 percent of the population. Ethiopia’s dependence on agriculture makes the country particularly vulnerable to the adverse impacts of climate change on crop and livestock production.

Mechanization service providers in Myanmar were originally interviewed by telephone in early May 2020 in order to determine how their businesses were being affected by COVID-19 related restrictions. The results of that survey were published in Myanmar Strategy Support Program Policy Note 07. To trace the continuing impact of the COVID-19 pandemic on their economic activities, a second phone survey of mechanization service providers was done in mid-June 2020. This Policy Note reports on the results of this second survey.

In this episode of the IoT Insider podcast, Bernard Montel provides a brief history of the evolution of the Cloud and the challenges of securing it.

Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

• EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
• Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
• Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurityon September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, announced today that Shelly Raban, senior cloud security researcher for Tenable, will give a presentation at fwd:cloudsec Europe 2024, taking place on 17 September, 2024 in Brussels, Belgium.

During the session titled, “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and Beyond),” Raban will explore techniques adversaries use to exploit modern policy-as-code and Infrastructure-as-code (IaC) domain-specific languages (DSLs), compromise cloud identities and exfiltrate sensitive data. Raban will conclude her presentation by sharing various detection strategies that cyber defenders can implement to detect malicious activity. 

The session will be hosted in the Main Room from 2:50 - 3:10 pm CEST. 

More information on the event is available on the fwd:cloudsec Europe website. 

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organizations can confidently expose and close AI risk, without inhibiting business operations.

The rapid development and adoption of AI technologies in the past two years has introduced major cybersecurity and compliance risks that organizations must proactively address without established best practices. As a result, cybersecurity teams face significant AI-related challenges, such as vulnerability detection and remediation, containing data leakage and reining in unauthorized AI use. 

According to recent Tenable Research, more than one-third of security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes. In fact, during a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The cybersecurity risk of unfettered AI usage is compounded by the increasing volume of AI vulnerabilities. Tenable Research has found and disclosed several vulnerabilities in AI solutions, including in Microsoft Copilot, Flowise, Langflow, among others.

With AI Aware, Tenable transforms proactive security for AI solutions. Tenable AI Aware uniquely leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. The combined depth of these multiple assessment methods delivers the most complete detection of AI in the modern ecosystem. 

[Watch the Tenable AI Aware product demo video here.]

“In an effort to keep pace with the sea change introduced by AI, organizations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy and compliance red flags,” said Shai Morag, chief product officer, Tenable. “Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organizations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies.”

In addition to AI software and vulnerability detection, key AI Aware features available in Tenable Vulnerability Management, Tenable Security Center and Tenable One include:

• Dashboard Views provide a snapshot of the most common AI software discovered in the ecosystem, top assets with vulnerabilities related to AI and the most common communication ports leveraged by AI technologies. 
• Shadow Software Development Detection illuminates the unexpected existence of the building blocks of AI development in the environment, enabling businesses to align initiatives with organizational best practices.
• Filter Findings for AI Detections enable teams to focus on AI-related findings when reviewing vulnerability assessment results. Combined with the power of Tenable Vulnerability Prioritization Rating (VPR), teams can effectively assess and prioritize vulnerabilities introduced by AI packages and libraries. 
• Asset-Centric AI-Inventory provides a complete inventory of AI-related packages, libraries and browser plugins while reviewing the detailed profile of an asset. 

Join the upcoming Tenable webinar titled, "Mitigating AI-Related Security Risks: Insights and Strategies with Tenable AI Aware" on October 9, 2024 at 11:00 am ET, by registering here.

More information on Tenable AI Aware is available at: https://www.tenable.com/products/vulnerability-management/ai-aware 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud trilogy criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.¹ 

Additional key findings from the report include: 

• 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
• 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
• Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
• 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
• 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from millions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

¹ IBM Security Cost of a Data Breach Report 2024

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

The mysterious prophecy that has shaped the life of Kelvin Knight Hackleberry and his family seems nearly to have run its course. The Two Kingdoms that were joined by Kelvin to form Kelvinia have now been united with three others, to make a great confederation under the rule of the young twin kings, Kildom and Kildee. Kelvin has earned some time to rest with his family. Charles and Merlain are now twenty years old, and so is Dragon Horace, their brother who is the Great King of all the land. But the clouds of the last battle are gathering. The evil Professor DeVale and his witch servant Zady had been foiled in their attempt to destroy Kelvin by using his children--their evil plot has led to a stronger, more peaceful land under its rightful rulers. Now they will try one last time to pervert all that is good in the universe of the frames--and although the Prophecy of Mouvar has been accurate up to now, still there is a chance that evil will prevail.

In this groundbreaking book, authors Russell Friedman and John W. James show listeners how to move on from their unsuccessful past relationships and finally find the love of their lives. Demonstrating revolutionary ideas that have worked for thousands of their clients at the Grief Recovery Institute, Friedman and James give listeners the strategies they need to effectively mourn the loss of the relationship, while opening themselves up to love in the future. With compassionate guidance, Friedman and James help listeners to close a chapter of their romantic past so that they can be ready to begin again.

Western Jane Candia Coleman is a natural storyteller whose characters come from the lands between the southwestern valleys of Arizona and the Gila Mountains of New Mexico. The night Billy the Kid died is hauntingly depicted in Corrido for Billy. Lady Flo is a memoir, based on historical fact, of the black wife of an Irish nobleman. Moving On depicts a young girl abandoned by her family who finds her way with an itinerant Jewish peddler. And Are You Coming Back, Phin Montana? is the winner of the 1995 Spur Award for Best Western Short Fiction. Each story embodies the finest elements of Western fiction imitations of hope, vulnerability, and courage.

La National Gallery presenta «Van Gogh: Poetas y amantes» Con motivo de su 200 aniversario,...

El museo de Orsay presenta la obra de la pionera pintora noruega Harriet Backer. Del...

El Kupferstichkabinett presenta «El otro impresionismo” Del 25 de septiembre de 2024 al 12 de...

El Museo Van Gogh celebra 150 años de Impresionismo en «¡Vive l’impressionnisme!» Del 11 de...

Identifying both the current vulnerabilities and the vulnerabilities that have been mitigated provides IT managers an accurate picture of the health of their organization's network. Tenable.sc Continuous View has the ability to track mitigated vulnerabilities, enabling management to track and measure progress. This report provides technical managers with a clear method to communicate progress to executive management.

Throughout the report there is a continued comparison of mitigated vulnerabilities to unmitigated vulnerabilities. The first chapter provides a 3-month trend of vulnerabilities and other related charts focusing on vulnerability counts per subnet.  The second chapter provides a series of matrices with an in-depth look at vulnerabilities by severity, by CVSS score, by CVE identifier, and by Nessus and Nessus Network Manager (NNM) plugin groupings.
The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Executive. The report requirements are:

• Tenable.sc 5.0.1
• Nessus 8.5.1
• LCE 6.0.0
• NNM 5.9.0

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable.sc Continuous View (CV) provides the ability to report on both current and mitigated vulnerabilities. With more supported technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure, Tenable.sc CV scales to meet future vulnerability management demands for virtualized systems, cloud services, and the proliferation of devices.
teams.

  Chapters

Executive Summary - This chapter provides executives with high-level understanding of vulnerability history, and which network segments are at the most risk. The first component is a 3-month trend of vulnerabilities followed by two bar charts. The bar charts provide a side-by-side comparison of vulnerability mitigation by subnet. The vulnerabilities that have been mitigated are in the top bar chart and current vulnerabilities are shown in the following chart.

Vulnerability Summaries - This chapter provides a series of matrices showing the relationship between mitigated vulnerabilities and unmitigated. The matrices are created using different criteria. The components provide an analysis using CVSS, CVE, and operating systems.
 

Many data protection regulations, such as PCI DSS and HIPAA, levy heavy fines for data breaches of sensitive information. Effective data protection controls are necessary to avoid breaches of regulatory, statutory, or contractual obligations related to sensitive data.

Organizations that handle sensitive data, such as healthcare and credit card information, are required to audit data protection controls on an annual basis. Leveraging Tenable reports enables organizations to protect data in accordance with business risk posture for Confidentiality, Integrity and Availability (CIA).

The National Institute of Standards (NIST) Special Publication 800-53 provides comprehensive guidance for a secure infrastructure, including guidance on data protection and encryption. The information provided in Tenable dashboards and reports enables Risk Managers and Chief Privacy Officers to demonstrate to third parties and regulatory bodies that sensitive data is protected in accordance with Data Loss Prevention requirements.

The NIST Cybersecurity Framework (CSF) is a control framework, which has high level controls that align with
ISO 27001, NIST SP 800-53, and others. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. Many regulating bodies accept evidence documentation of compliance with the NIST CSF as assurance that the organization has effective controls in place to meet their security requirements. The HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework is an example of a regulation aligning with NIST.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report is located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments.

The report requirements are:

Tenable.sc 5.9.0
Nessus 10.2.0

Leveraging Tenable reports enables operations teams to verify that appropriate protections are in place for data at rest, data in transit, and removable media. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives.

Chapters

Executive Summary: This chapter provides a summary view on the state of protections controls relating to Certificates, Encryption, and Confidentiality and Protected Information.

Data Protection Details – This chapter provides details on the state of protection controls in the environment for Certificates, Encryption, and Confidentiality and Protected Information, which are described below.

• Certificates – This section displays findings for hosts with expired certificates, certificates that are expiring soon, untrusted certificates and self-signed certificates.  Expired certificates and other certificate problems cause a denial of service, man-in-the-middle, and trust-related concerns for organizations.  
• SSL/TLS Vulnerability Summary – This section provides an overview of systems and vulnerabilities related to SSL/TLS.  The SSL/TLS Vulnerabilities by Type element displays a count of systems and vulnerabilities related to SSLv2 and SSLv3 in the first two rows. From the third row down, information is provided on all the systems running any version of TLSv1 and higher.
• Encryption – This section provides an overview of systems and vulnerabilities related to SSL/TLS and Encryption/Cryptographic Compliance. Information presented in this section highlights issues such as weak hashing algorithms and keys as well as the use of insecure encryption ciphers. Many of these issues are the result of misconfigurations or use of outdated encryption methods. This detailed information also highlights vulnerabilities that can be exploited by attackers. Tenable recommends that security teams review the data to determine the risk to the organization.
• Confidentiality of Protected Information – This section provides an overview of systems and vulnerabilities related to Security Requirement 3.13.16 in the NIST Special Publication 800-171. Revision 2 provides guidance to protect the confidentiality of Controlled Unclassified Information (CUI) at rest and maps to Security Control SC-28 of NIST Special Publication 800-53.  
• File Content Audit Results – The following section displays File Content Audit Results. The first two rows of the File Contents Audit Results Compliance Checks provide the total count of Passed checks, Failed checks, and checks requiring a manual review. The first row, ‘Check Count’, provides a count of the current checks per check status. The second row, ‘Check Ratio’, provides a ratio view of check status. The three columns together total 100%. The last two rows provide a system count analysis. The third row, ‘System Count’, provides the number of systems with at least one audit check in the applicable state. The last row, ‘System Ratio’, provides a percentage of systems with at least one audit check in the applicable state.

How do we find lasting, trusting, and fulfilling friendships? Is it by being popular? Dazzling others with your genius? Looking for that ultimate BFF? Hiding all your imperfections and trying hard to fit in? Deep and enduring friendships are essential to our psychological and physical well-being. Unfortunately, between bullying, social anxiety, peer pressure, and other issues, many teens feel isolated. In Dear Libby, trusted columnist Libby Kiszner offers a breakthrough approach to friendship and connection. You can create friendships from the inside out-rather than from the outside in. You can experience friendships with vibrant self-expression in every stage of life, making Dear Libby a book that can be read and reread at any age. Containing seven core principles, this life-changing resource not only explains the dynamics of connections and friendships but also gives practical tools to develop them. Integrating contemporary issues, timeless insight, real-life skills, and unique perspectives, Dear Libby provides a hands-on guide for dealing with everyday friendship struggles faced by teens today. Teens and readers of all ages will gain insight and understanding on how to make profound, joyful relationships possible. Find answers to real questions like: What should I do when people who are supposed to be my friends call me names or embarrass me? What should I do I do if I'm being ignored at school? What is the best way to handle loneliness? Someone just stole my friend. What can I do? What can I do when my friends get together and "forget" to invite me?

L’investissement dans les agriculteurs, c’est-à-dire le capital humain de l’agriculture, est crucial pour relever les défis que posent nos systèmes agroalimentaires.

Cette note propose un résumé des politiques, stratégies et plans d’action ayant trait à la nutrition (désignés ici sous le terme de « politiques ») en Afrique de l’Ouest.

Ce document présente une analyse des chaînes de valeur agroalimentaires de manioc, de riz, de lait et de poisson le long du corridor économique entre les capitales provinciales de Bukavu (Sud-Kivu) et Kalemie (Tanganyika) situées dans la partie orientale de la République démocratique du Congo (RDC). Les principales données utilisées pour cette étude proviennent d’enquêtes menées en 2021 auprès d’environ 3000 acteurs conomiques familiaux, y compris des agriculteurs, des transformateurs et des intermédiaires, actifs dans une ou plusieurs des quatre filières ciblées.

The National Gallery presents “Van Gogh: Poets and Lovers” To mark its 200th anniversary, the...

Musée d’Orsay showcases the work of pioneering Norwegian painter Harriet Backer. From 24 September 2024...

Kupferstichkabinett presents “The Other Impressionism” From 25 September 2024 to 12 January 2025, the Kupferstichkabinett...

Van Gogh Museum celebrates 150 years of Impressionism in “Vive l’impressionnisme!” From 11 October 2024...

The Met presents the first major exhibition in the US focusing on early Sienese painting...

The Othmar Huber Collection at the Albertina From 8 November 2024 to 9 February 2025,...

The CL0P Ransomware Group, also known as TA505, has exploited zero-day vulnerabilities across a series of file transfer solutions since December 2020. File transfer solutions often contain sensitive information from a variety of organizations. This stolen information is used to extort victims to pay ransom demands. In 2023, CL0P claimed credit for the exploitation of vulnerabilities in both Fortra’s GoAnywhere Managed File Transfer (MFT) and Progress Software’s MOVEit Transfer solutions.

Research conducted as part of security audits has revealed additional vulnerabilities. This dashboard contains a list of vulnerabilities known to be exploited by the CL0P ransomware group as well as other vulnerabilities that could be leveraged by CL0P and other threat actors. Operations teams can use this data to identify the assets affected by the associated CVEs targeted by the CL0P ransomware group. The following Nessus plugins identify the affected vulnerabilities:

•  90190: Progress MOVEit Transfer Installed (Windows)
• 176735: Progress MOVEit Transfer Web Interface Detection
• 176736: Progress MOVEit Transfer FTP Detection
• 176567: Progress MOVEit Transfer
• 177371: Progress MOVEit Transfer Critical Vulnerability (June 15, 2023)

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

The requirements for this dashboard are:

• Tenable Security Center 6.1.1
• Tenable Nessus 10.5.2

The Security Response Team (SRT) in Tenable Research digs into technical details and tests proof-of-concept attacks, when available, to ensure customers are fully informed of risks. The SRT also provides breakdowns for the latest vulnerabilities in the Tenable blog.

Tenable Research has posted the FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang blog post to provide the latest information about this threat.

Components

CL0P Ransomware Group MOVEit – This table displays assets that are vulnerable to recent targeted attacks by the CL0P Ransomware Group (aka TA505) related to Progress Software’s MOVEit Transfer solutions. The component specifically provides results for pluginIDs 90190, 176735, 176736, 176567, 177082, and 177371. These vulnerabilities are associated with a zero-day that is actively being exploited. The table displays the IP address, NetBIOS, DNS, and OS CPE of any identified vulnerable assets, and the Vulnerabilities severity bar.

CL0P Ransomware Group Fortra GoAnywhere MFT – This table displays assets that may be vulnerable to recent targeted attacks by the CL0P Ransomware Group (aka TA505) related to Fortra GoAnywhere Managed File Transfer (MFT). The component specifically provides results for pluginIDs 171845, 171558, 171771, and 113896. These vulnerabilities are associated with a zero-day that is actively being exploited. The table displays the IP address, NetBIOS, DNS, OS CPE of any identified vulnerable assets, and the Vulnerabilities severity bar. 

CL0P Ransomware Group Accellion File Transfer – This table displays assets that may be vulnerable to recent targeted attacks by the CL0P Ransomware Group (aka TA505) for CGI abuses related to Accellion Secure File Transfer. The component specifically provides results for pluginIDs 85007, 146927, and 154933. These vulnerabilities are associated with a zero-day that is actively being exploited by the CL0P Ransomware Group, also known as TA505. The table displays the IP address, NetBIOS, DNS, and OS CPE of any identified vulnerable assets, and the Vulnerabilities severity bars.

CL0P Ransomware Group Patched Assets – This table displays vulnerabilities that have been remediated related to recent targeted attacks by the CL0P Ransomware Group (aka TA505). The remediated vulnerabilities displayed are specifically related to the vulnerabilities related to Progress Software’s MOVEit Transfer solutions, Fortra GoAnywhere Managed File Transfer, and Accellion Secure File Transfer. These vulnerabilities are associated with a zero-day that is actively being exploited. The table displays the PluginID, Vulnerability Name, Plugin Family, Severity, and Total of remediated vulnerabilities.

Tenable Research delivers world class exposure intelligence, data science insights, zero day research and security advisories. Our Security Response Team (SRT) in Tenable Research tracks threat and vulnerability intelligence feeds to make sure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to dig into technical details and author white papers, blogs, and additional communications to ensure stakeholders are fully informed of the latest cyber risks and threats. The SRT provides breakdowns for the latest critical vulnerabilities on the Tenable blog.

When security events rise to the level of taking immediate action, Tenable - leveraging SRT intelligence -  notifies customers proactively to provide exposure information, current threat details and how to use Tenable products and capabilities to accelerate remediation.

This dashboard contains indicator style components to highlight any vulnerabilities related to the Tenable Research Advisories where Tenable issues customer guidance that immediate remediation was of paramount importance to all affected organizations. Tenable recommends addressing missing patches as identified in the dashboard components. 

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Security Industry Trends.

The dashboard requirements are: 

• Tenable.sc 6.2.0
• Nessus 10.6.1

The following components are included in this dashboard are:

Research Advisories - Citrix NetScaler ADC and NetScaler Gateway: In August 2023, Mandiant identified a zero-day exploitation impacting NetScaler ADC and NetScaler Gateway appliances. When NetScaler ADC or NetScaler Gateway is configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Depending on the permissions of the account they have hijacked, this could allow the attacker to gain additional access within a target environment and collect other account credentials. Successful exploitation allows the attacker to bypass multi factor authentication (MFA) requirements.

Research Advisories - curl Heap Overflow and Cookie Injection: On October 3, an open-source developer and maintainer of curl, took to X (formerly Twitter) to announce that a new high severity CVE would be fixed in curl 8.4.0. The developer noted that the release would be ahead of schedule and released on October 11, indicating in a reply to the twitter thread that this is 'the worst security problem found in curl in a long time.' 

Research Advisories - MOVEit: The CL0P Ransomware Group, also known as TA505, has exploited zero-day vulnerabilities across a series of file transfer solutions since December 2020. File transfer solutions often contain sensitive information from a variety of organizations. This stolen information is used to extort victims to pay ransom demands. In 2023, CL0P claimed credit for the exploitation of vulnerabilities in both Fortra’s GoAnywhere Managed File Transfer (MFT) and Progress Software’s MOVEit Transfer solutions. 

Research Advisories - log4shell: This matrix alerts organizations to potential concerns regarding the Log4j vulnerability. Displayed are the vulnerabilities that are directly associated with the log4shell CVEs (CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-4104, and CVE-2021-45105) and Log4j installations. 

Research Advisories - CISA Alerts AA22-011A and AA22-047A: On November 3rd, 2021, Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, and on Jan 11, 2022 CISA issued an alert (AA22-011A) warning of increased risk to U.S. critical infrastructure.  A total of 18 CVEs can be associated with this alert.  Hosts and Vulnerabilities identified and mitigated are displayed using the referenced CVE. 

Research Advisories - PrintNightmare: On July 1, Microsoft released an advisory for CVE-2021-34527. This advisory was released in response to public reports about a proof-of-concept (PoC) exploit for CVE-2021-1675, a similar vulnerability in the Windows Print Spooler. To help clear up confusion about the vulnerability, Microsoft updated its advisory for CVE-2021-1675 to clarify that it is similar but distinct from CVE-2021-34527. On July 6, Microsoft updated its advisory to announce the availability of out-of-band patches for CVE-2021-34527, a critical vulnerability in its Windows Print Spooler that researchers are calling PrintNightmare. This remote code execution (RCE) vulnerability affects all versions of Microsoft Windows. 

Research Advisories - MS Exchange ProxyLogon: On March 2, 2021 Microsoft released several critical security updates for zero-day Microsoft Exchange Server vulnerabilities, and reported that the exploits are actively being exploited by threat actors. Within a single week thousands of organizations world-wide have fallen victim. Tenable released several plugins for Exchange Server 2010, 2013, 2016 and 2019, which can be used to determine which Exchange Server systems are vulnerable in your environment.

One of the common questions often asked of the IT team is “how many systems are missing patches and how many patches are missing on each system?”  This dashboard uses the “Patch Report” plugin and organizes the current patch status for systems scanned with credentials.  The IT team can now easily communicate the specific systems with missing patches to executives.

The Nessus "Patch Report" plugin (66334) elegantly summarizes all of the missing patches and general remediation actions required to remediate the discovered vulnerabilities on a given host. Instead of counting the number of vulnerabilities, the plugin lists applications that need to be upgraded. The approach is not only much easier for IT administrators to consume, but the count of applications provides a measure of how much "work" is required to secure a system.

The dashboard provides risk guidance using the “Remediation Summary” tool.  This tool works by employing a concept called “top patch”.  Tenable Security Center uses proprietary technology to identify a chain of patches.  The first patch in the chain is called the “top patch”.  If the “top patch” is applied, all subsequent vulnerabilities will also be remediated at the same time.  Using both the Remediation Summary tool and “Patch Report” plugin, the organization can better plan remediation efforts.   

The dashboard and its components are available in the Tenable Security Center Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets.  The dashboard can be easily located in the Tenable Security Center Feed under the category Executive. The dashboard requirements are:

• Tenable Security Center
• Nessus
• This dashboard requires “Full Text Search” to be enabled for each analyzed repository.

Please note the "Full Text Search" option must be enabled for the repository to support the trending component.

Tenable Security Center has the ability to identify all discoverable vulnerabilities, eliminating blind spots. Tenable detects missing patches, incorrect configurations, lapsed defenses, incomplete monitoring and network intruders—so you can mitigate them.  Tenable Security Center can show risk across all systems, enabling informed decisions.  Tenable’s approach to continuous monitoring reaches across cloud, virtual, mobile and traditional systems and measures attack vectors in each of these domains.  Tenable Security Center provides a unique combination of detection, reporting, and pattern recognition utilizing industry recognized algorithms and models.  By providing that single point of data collection, Tenable.sc enables sharing of vulnerability scanning results across the technical groups and business owners. Tenable.sc is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits.

Components

Remediations Tracking - Top 25 Remediations: This component provides the top 25 remediation actions that can be taken to reduce overall risk.  The table is sorted using vulnerability weight scores, which are calculated differently for each organization.  To determine score weights, login with the admin account, edit your organization and then select “Analysis”.  In the upper right hand corner, there are four scores, one for each severity level. The default scores are: critical = 40, high = 10, medium = 3 and low = 1. The vulnerability weight helps to determine a fully calculated score used in risk analysis.

The Outstanding Remediations - Time Since Patch Publication (Assets) matrix displays the total count of missing patches across the environment. The matrix is comprised of five columns. The first column provides a count of the vulnerabilities that are exploitable, and the last four columns provide counts of vulnerabilities based on Vulnerability Priority Rating (VPR) levels. VPR scores are displayed as column headers in traditional severity text.  Critical represents VPR 9-10, High represents VPR 7-8.9, Medium represents VPR 4-6.9, and Low represents VPR 0.1-3.9. Each row filters the vulnerabilities based on the patch publication date of less than 30 days ago, Current Quarter, Last Quarter, Current Year, Last Year, and greater than 365 Days.

The End of Life Software Detection table displays a list of software that is no longer supported by the vendor. The table is sorted by the count column, which lists a count of the total number of assets affected by the unsupported software package. The filter used is for Plugin Name equals Unsupported. Tenable recommends that assets found here be upgraded to a higher supported version as soon as possible, since vendors no longer list active vulnerabilities for end-of-life software.

The Outstanding Remediations by Device Type (Vulnerabilities) matrix displays the total count of missing patches by device type. The matrix is comprised of five columns. The first column provides a count of the vulnerabilities that are exploitable, and the last four columns provide counts of vulnerabilities based on Vulnerability Priority Rating (VPR) levels. VPR scores are displayed as column headers in traditional severity text.  Critical represents VPR 9-10, High represents VPR 7-8.9, Medium represents VPR 4-6.9, and Low represents VPR 0.1-3.9.  There is a row present which groups devices by type, such as Linux, Windows, or macOS devices. Counts present in each cell represents the number of vulnerabilities present for the device group and VPR score.

Reducing food loss and waste for climate outcomes: Insights from national consultations in Bangladesh, Malawi and Nepal

Integrating key goals of food system transformation.

The post Reducing food loss and waste for climate outcomes: Insights from national consultations in Bangladesh, Malawi and Nepal appeared first on IFPRI.

Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America

Tools for food system policy development.

The post Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America appeared first on IFPRI.

Síntesis de evidencia: Lineamientos para el diseño de programas crediticios agropecuarios condicionados para el fomento de prácticas agropecuarias sostenibles

Enfoques para el desarrollo de políticas del sistema alimentario.

The post Síntesis de evidencia: Lineamientos para el diseño de programas crediticios agropecuarios condicionados para el fomento de prácticas agropecuarias sostenibles appeared first on IFPRI.

Enhancing milk quality in Uganda: Challenges and innovations in the dairy value chain

Improving market incentives.

The post Enhancing milk quality in Uganda: Challenges and innovations in the dairy value chain appeared first on IFPRI.

Beyond the Health Extension Program: Developing a focused approach to improve nutrition in Ethiopia

A study points to reforms.

The post Beyond the Health Extension Program: Developing a focused approach to improve nutrition in Ethiopia appeared first on IFPRI.

Limiting deforestation involves complex tradeoffs: Results from a global land-use model

Many dimensions of combating climate change.

The post Limiting deforestation involves complex tradeoffs: Results from a global land-use model appeared first on IFPRI.