Mr.Bada

Link : https://www.darkreading.com/vulnerabilities-threats/three-months-later-41-of-log4j-downloads-are-of-vulnerable-versions Three months after the Apache Foundation disclosed the infamous Lo4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java package repository continue to be known vulnerable versions.A dashboard that Maven Central administrator Sonatype launched soon after news of the so-called Log4Shell flaw first surfaced shows that 41% of Log4j packages downloaded between Feb. 4 and March 10, 2022, are versions prior to Log4j 2.15.0. That's the patched version of the logging tool that the Apache Foundation released on Dec. 10, 2021, when the Log4Shell flaw was first disclosed. After that, the Foundation released two other updates to address two subsequent — and relatively less severe — vulnerabilities that were uncovered in the logging tool just days after the Log4Shell disclosure. Sonatype's dashboard showed there have been more than 31.4 million downloads of Log4j in total since Dec. 10, 2021. It's unclear how many of those are vulnerable versions, but going by the latest download statistics the number could well be near, or in excess, of 10 million.Log4j and Layers So why are organizations and developers downloading known vulnerable versions of Log4j packages, and why are those versions available for downloads in the first place — especially given the prevalence of the flaw and the relative ease with which it can be exploited? Travis Smith, vice president of malware threat research at Qualys, points to a couple of reasons for the continued downloads. "The main culprit is likely automated build systems, which are configured to download a specific version build of their dependencies," he says. Lesser-maintained projects especially may automatically download a specific version to avoid conflicts with updated software. "If the maintainer of that software hasn’t been paying attention to the news surrounding Log4j, their application is left open to the risk of exploitation." The fact that Log4j is an integral part of many Java applications — and is often buried several layers deep with them — has made it extremely difficult for many organizations to detect and remediate the issue. "The inference could be made that many of the current downloads of the vulnerable version are for projects that cannot justify the time taken to upgrade," Smith says. Another explanation for the high percentage of vulnerable Log4j downloads, according to Smith, could be that researchers are doing it to test defenses, and adversaries are doing it to test their exploits. Ilkka Turunen, field CTO at Sonatype, says another issue is the lack of fundamental software supply chain management at many organizations. Without adequate software composition analysis tooling and a software bill of materials, organizations can have a hard time figuring out what components have gone out to which releases. "The hard part we observed with many organizations about the Log4j fire drill was a complete lack of awareness and visibility of which third party components were used in their production," Turunen says. Often, organizations don’t understand what is in their applications and are therefore not able to quickly target affected applications and make upgrades. "In short, many companies are still trying to build their software inventory before they start to react." Recent data that Qualys pulled from its cloud security platform in fact suggests that some 30% of the Log4j instances on the Internet still remain vulnerable for exploit, according to the company. "Apache Foundation’s Log4J is used in a myriad of places and is bundled with hundreds of packages," says Mike Parkin, senior technical engineer at Vulcan Cyber. "That broad use was part of what made it such a major vulnerability in the first place." The fact that not every developer implements Log4J into their packages the same way is another reason why patching it has become a major issue, he says. Why Are Vulnerable Log4J Versions Still Available? Meanwhile, the reason why vulnerable Log4j packages still remain available for download via Maven Central is because of software dependencies, Smith and others said. Many pieces of software are dependent on the vulnerable versions of Log4j, and removing them suddenly could cause systems to break. An analysis by Google researchers a week after the Log4Shell flaw was disclosed showed that some 17,000 Java packages on Maven Central contained the vulnerability. At that time, Google discovered fixed versions were available for 25% of the impacted packages. Since then, it is likely that many more have been patched. Yet removing vulnerable versions from the Maven repository is risky. "When we first became stewards of Maven Central, one of the key commandments we put in place was 'thou shalt not break a build,'" says Turunen. "While it can be tempting to assert our own judgment, which might be removing the vulnerabilities, what’s actually best for the community is for everyone to make their own judgments." Brian Fox, co-founder and CTO at Sonatype, says Maven Central is more like a natural gas pipeline than a gas station where a user gets to choose their octane level each time. "If we took these downloads down from the repo, every build worldwide that comes looking for it would suddenly fail," he says. He points to a 2016 incident where a programmer removed a package that he had developed called left-pad from the npm JavaScript registry over a dispute. Though the package consisted of just 11 lines of code, its removal broke thousands of dependent projects and caused substantial disruption across the Internet. Doing the same thing with Log4j would cause disruption where it is likely not justified and could cause more harm than good, Fox says.

Link : https://bleedingcool.com/games/razer-introduces-three-new-streaming-hardware-products/ Razer has revealed three new items this week as they are boosting their streaming hardware selection with some cool new choices. All of these items focus on areas that streamers need for their setups, two specifically for the desk and one that can be for at home or mobile. The big one of the bunch is a new Audio Mixer that lights up with some cool options, followed by a set of chroma key lights, and finally, the Seiren BT which gives you a cool Bluetooth microphone to use anywhere. We have the full details on all three below as they are available to purchase in their shop and at select locations.Razer Audio Mixer ($250) The new Razer Audio Mixer is a single-box solution, made for streaming, with a range of direct inputs and a centralized, powerful audio mixing software stack, bringing new levels of control and live mixing to desktop streamers. This level of control traditionally requires a complex, cumbersome and expensive multi-device set-up – but the Razer Audio Mixer brings everything into one easy-to-use, simple to set up, fully customizable 4 channel analog mixer. The Razer Audio Mixer allows streamers to control multiple audio sources on-the-fly, balancing the volume levels between sources, muting channels as needed and even adding vocal effects to enhance their streams. This level of control is simple and easy to set-up, making it accessible to every streamer regardless of technical expertise, thanks to the direct input support for the most commonly used audio connections, including hybrid-XLR (with 48V Phantom Power), TRS Line In and Out, Optical TOS and more. The powerful Razer Audio Mixer software is a centralized audio mixing software suite, fully integrated into Razer Synapse 3 and supports all digital audio output sources, including game sound, system, chat, and music sources. Through Razer Synapse 3, users can access a range of audio adjustment options, from software-based noise gate and EQ functions through to reverb and voice changers. Each audio source can be balanced, mixed and mapped to the hardware functions on the Audio Mixer, with the audio settings and processing offloaded to the Audio Mixers onboard processor, freeing up system resources on the PC. The Razer Audio Mixer takes the hassle out of professional quality streaming audio, simplifying the set-up with direct inputs, giving the user full control over their audio sources, channel mixes, effects and microphone settings. By supporting both analog and digital sound sources, with source tuning, per channel mixing and live fading, muting and effects, streamers now have a one-box solution able to cope with almost any combination of hardware and software sources, making the Razer Audio Mixer the must-have device for upcoming broadcasters. Razer Key Light Chroma ($300) The Razer Key Light Chroma is an all-in-one solution powered by Razer Chroma RGB, bringing infinitely variable lighting to desktop streamers, allowing them to create unique, engaging, and interactive streams painted with light. Controlled through the Razer Streaming App or Razer Synapse 3, streamers can access a range of lighting presets, syncing their lighting to other Chroma RGB compatible devices, and even synching with stream notifications, for a range of effects, making their streams unique. For more creative streams, the Key Light Chroma can display up to 16.8 million colors, bringing modifiable lighting to streaming, to set the mood and encourage audience interaction with lighting that reacts to viewer emotes, alerts, shout-outs and more. In addition to Razer Chroma RGB, the Razer Key Light Chroma pushes out up to 2800 Lumens, with a white temperature range of 3000k to 7000k, bright enough for any stream set-up, including full room lighting for VR streamers. The Razer Key Light Chroma is supplied with a desk clamp mounted pole, topped with a ¼" screw ball joint. Mounting holes on each side of the panel allow the Key Light Chroma to be positioned both in landscape and portrait, with the ball joint allowing the panel to be angled as needed. For room flooding, the pole extends up to 1.3m from the desk surface and can be retracted to stand at 55cm above the desk for face lighting.Razer Seiren BT ($100) Connecting via Bluetooth and compatible with the most po[CENSORED]r mobile streaming apps, the wireless Seiren BT gives complete freedom of movement to the streamer, delivering rich, warm voice tones, via the omnidirectional microphone and powerful noise suppression software. By using the Seiren BT, IRL streamers can get creative with their stream, using selfie-sticks and other mounts, without the worry of getting tangled in wires. The Seiren BT uses a simple clip-on design, letting the streamer use expansive, wide-angle shots, and frame themselves away from their mobile while maintaining clear on-stream audio. Whether it's strong winds or noisy crowds, the Seiren BT microphone intelligently filters out background noise from indoor or outdoor environments, with a simple high/low suppression option, via the accompanying Razer Streaming Mobile App. Supplied with indoor and outdoor windsocks, the Seiren BT is the perfect single-device solution for IRL streamers looking to elevate their content with consistent audio clarity, anywhere they choose to stream.

Nickname: @Bada. Video author: PlayStation Name of the game: Hotel Transylvania: Scary-Tale Adventures - Launch Trailer | PS4 Video link: Short description of the video: To all the humans, vamps and other creatures out there -today we launch #HotelTransylvania #ScaryTaleAdventures. Help Drac and his frightful & delightful pack in this all-new 3D platform adventure set in the Hotel Transylvania universe. Available now for PS4, get yours today!

Link : https://www.google.com/amp/s/www.clickondetroit.com/news/local/2022/03/10/animal-rescue-farm-in-manchester-seeks-volunteers-donations-to-help-keep-operations-running/%3foutputType=amp MANCHESTER, Mich. – For years, a Southeast Michigan farm has been taking in abused and neglected animals, and giving them a happier and healthier life. SASHA Farm Animal Sanctuary in Manchester, Michigan has been operating as a safe haven for animals who have been treated poorly, or were left for dead. The sanctuary currently cares for hundreds of all kinds of animals, like cows, sheep, horses, goats, cats and more. Caretakers not only feed and clean up after the animals, but they also engage with them socially, and encourage them to engage with other animals of the same species. Owners say some of the rescued animals are timid and scared when they first arrive, but really settle in and come to life in their new home at SASHA. The farm relies on volunteers and donations to maintain operations and provide a safe place for mistreated animals. But the pandemic has created difficult circumstances for the sanctuary, limiting its fundraising opportunities and pushing them to cut back on volunteers to help prevent the spread of COVID-19.Now, the farm is seeking assistance from the community to help keep operations running for the animals they care for. Watch their heartwarming story in the video player above. Visit the farm’s website here to donate, or for more information.

Today is my Friend @ITS OZX- Birthday I wish you everything you wish for in your life and may God grant you success in everything you want ♥️

A few moments and everything will be ready thank you @FazzNoth for your Suggestion 🙂 & thx @sNk_DarK for Add it 🙏♥️

Voted V2 i liked this song

Link : https://www.google.com/amp/s/www.malaymail.com/amp/news/tech-gadgets/2022/03/10/new-facebook-tools-target-misinformation-in-users-groups/2046558 SAN FRANCISCO, March 10 — Facebook on Wednesday began letting groups automatically reject posts identified as containing false information, taking aim at a part of the massive network that has drawn particular concern from misinformation watchdogs. More than 1.8 billion people per month use Facebook Groups, which allow members to gather around topics ranging from parenting to politics.Yet critics have said the groups are ripe targets for the spread of misleading or false information by having sometimes large audiences of like-minded users organised on a particular topic.Administrators of “groups” at the leading social network can opt to have software automatically reject incoming posts showcasing information found to be false by third-party fact-checkers, Facebook App communities vice president Maria Smith said. Groups were once touted by chief executive Mark Zuckerberg as a way to build more intimate communities at the world-spanning social network by providing online spaces for users to connect based on hobbies, endeavours, or other interests. “Our research shows, those same features — privacy and community — are often exploited by bad actors, foreign and domestic, to spread false information and conspiracies,” disinformation researchers Nina Jankowicz and Cindy Otis wrote in a Wired opinion piece in 2020. Facebook has long been under heavy pressure to prevent its platform from being used to spread misinformation on topics from Russia’s invasion of Ukraine to the Covid-19 pandemic and elections. The platform on Wednesday also updated a “suspend” tool that administrators can use to temporarily stop selected members from posting, commenting or otherwise taking part in a group. For groups seeking to incorporate new members, Facebook added the ability to promote them using email or QR codes, Smith said. AFP currently works with Facebook’s fact checking program in more than 80 countries and 24 languages. Under the programme, which started in December 2016, Facebook pays to use fact checks from around 80 organisations, including media outlets and specialised fact checkers, on its platform, WhatsApp and on Instagram. — AFP

Link : https://www.google.com/amp/s/techcrunch.com/2022/03/09/forrester-predicts-rpa-software-market-growth-will-begin-to-flatten-next-year/amp/ Last year robotic process automation (RPA) was all the rage, as we saw market leader UiPath go public at a huge valuation, while larger more established players began to scoop up smaller vendors. Yet RPA has always felt like an interim automation solution to deal with legacy processes before shifting to a more intelligent no-code approach.Forrester Research’s latest data appears to back this up, predicting the RPA software market will reach $6.5 billion by 2025, but with the caveat that growth will start to flatten as soon as next year as companies shift to more AI-fueled automation solutions. “While we expect the tremendous market growth in 2021 to continue throughout 2022, fueled by pandemic-induced automation demand and ongoing digital transformation programs, growth rates will begin to flatten in 2023,” the company wrote in its latest RPA market report. While $6.5 billion is up significantly from it’s 2018 report when the firm predicted the market would reach $1.1 billion in 2019, it is still a fairly small amount overall when you consider Salesforce just completed a quarter in which it reported over $7 billion in revenue on its own. The services part of the market, helping implement these complex solutions, is expected to grow much more robustly compared to RPA software revenue. According to Forrester, RPA-related services could reach $16 billion by 2025, almost three times the software it’s trying to help implement. If you combine the services and software, it’s a much more impressive $25 billion market by 2025.Forrester analyst Leslie Joseph explained services revenue this way: “Services revenue counts the revenue that services vendors make by providing consulting, development, implementation, maintenance and support services around these products.” Service vendors include global systems integrators, consulting and advisory firms such as Accenture, IBM and EY, who may be partners or resellers of RPA software.Forrester is predicting that some of the money going to RPA software today will begin to shift to broader AI automation solutions. It’s worth noting that while RPA has robotic in its name, it’s not really AI in a true sense. The bots in this case are more like scripts completing a set of highly manual tasks. By comparison, no-code automation solutions make it easy to create a workflow, presumably without consulting help. AI provides a way to intelligently implement tasks and take steps based on the data instead of moving through a set of highly defined hard-coded work. This decline is coming in spite of investor enthusiasm for the market from investors who valued UiPath at $35 billion when it raised $750 million last year, its last private fundraise prior to its IPO. Today the company’s market cap sits at close to $15 billion, certainly a precipitous drop in value, even taking into consideration the big hit software companies have been taking in the stock market over the last year. Meanwhile, we also saw some pretty significant consolidation as companies like SAP bought Signavio, ServiceNow acquired Intellibot and Salesforce snagged Servicetrace, as several examples. Blue Prism, which is one of the top-three pure-play RPA vendors, accepted a $1.6 billion offer from SS&C after rejecting overtures from Vista Equity partners. That deal is expected to close later this month. When TechCrunch surveyed five investors last year about the RPA market, we asked them specifically about how RPA technology can stay relevant in the long term. For the most part, investors saw a market that could continue to expand, but if Forrester is correct, the market may be shifting as customers look to more modern AI automation services.

Link : https://www.google.com/amp/s/www.ukrinform.net/amp/rubric-ato/3425287-mariupol-defenders-destroy-or-damage-16-units-of-enemy-hardware-in-past-24-hrs.html On March 9, Ukrainian forces defending Mariupol, a strategic port city on the Sea of Azov, destroyed four Russian main battle tanks, an infantry fighting vehicle, as well as destroyed and damaged 11 Russian armored vehicles. That’s according to the press service of the Ministry of Internal Affairs of Ukraine, Ukrinform reports. "Mariupol defenders have been holding their ground for several days already. Special thanks to the police who keep patrolling the city and assisting its inhabitants. Our Marines destroyed four tanks and a BMP IMF yesterday. National Guardsmen with the Azov regiment destroyed and damaged 11 armored vehicles," the report reads. Read also: Everything that occupiers doing with Mariupol is beyond atrocities – Zelensky's address (full text) It is noted that the Ukrainian side is no longer counting enemy losses in manpower. The locals trust their defenders: many are unwilling to leave their homes, while most simply have nowhere to go to. For some, it is critical that they save their home, even if it’s already in ruins. Everyone understands that they have to act as one, in coordination, as the city has been besieged since March 1. This isn’t just a city, these are its people, these are our patriots sacrificing their lives for Ukraine," the Ministry emphasizes. As reported earlier, on Wednesday, Russian forces bombed a maternity hospital, a clinic, hospital, a children's hospital, and a therapy unit. A funnel over 10 meters in diameter remained at the site of the airstrike just outside the children’s hospital. On February 24, on the instructions of President Vladimir Putin, Russia launched a war with Ukraine. For the sixth day in a row, Russian troops have been shelling and destroying key infrastructure, with their missiles aiming including at apartment blocks. Martial law was imposed in Ukraine and a general mobilization was announced.

Nickname: @Bada. Video author: PlayStation Name of the game: Aztech Forgotten Gods - Launch Trailer | PS5, PS4 Video link: Short description of the video: Aztech Forgotten Gods is available now on PlayStation 5 and PlayStation 4! The time has come. For centuries, the Aztec people ushered in an era of wondrous technological and scientific progress. But with world-altering advancements comes unprecedented global risks. Only Achtli, a spirited young woman, can rise to the challenge and fight for her people when an innocent experiment turns into a supermassive, existential threat. Embrace the power of the gods and fight an enemy shrouded in mystery.

Voted V2 text & colour

Happy birthday 🎂🎉🎊

Link : https://www.6pr.com.au/apple-unveils-new-gadgets-drops-sports-rights-bombshell/ Apple has unveiled a new $719 version of its budget-priced iPhone that’s capable of connecting to ultrafast 5G wireless networks, an upgrade that’s already been available on the company’s upscale models for more than a year. The company also released a new desktop version of its personal computer called the Mac Studio, which will range in cost from $3,099 to $6,099 in Australia. A high-resolution 27-inch display screen designed for the Mac Studio starts at $2,499. The company also rolled out the latest version of its lightweight tablet, the iPad Air, for $929. All those computing devices will be powered by Apple’s own in-house chips and be available from March 18. Tech guru Trevor Long told Gareth Parker on 6PR Breakfast that Apple had also accrued the rights to Friday night baseball in the US. “The next five years of sports rights are going to be a battle for the ages,” Long said.Stan, Optus, Kayo, Amazon and now Apple have all entered the sports rights arena of late. “The big question for the AFL is whether they start to go down this route or whether they just stick with Seven and Foxtel/Kayo,” Parker asked.

Link : https://tech.eu/2022/03/08/software-ag-acquires-streamsets-in-eur524-million-deal/ Darnstadt-based process management, data management, and consulting services provider Software AG has acquired dataops platform StreamSets for €524 million, plus a customary retention package awarded to the latter’s senior management team. The transaction is expected to close before H1 of this year. As the first stop on Software AG’s M&A strategy to strengthen its position in a €61 billion total addressable market, the acquisition of StreamSets now gives the company entry to the cloud data integration sector. A sector that is seeing an annual growth rate of 26 percent, and is projected to reach $3.5 billion within the next three years. As a demonstration of just how strong a feather this now represents in Software AG’s cap, StreamSets has seen revenues grow at a four-year CAGR of over 70 percent through 2021.“This acquisition is a major milestone for Software AG. Its technology and team will further differentiate our hybrid integration offering for customers and fully complement our strategy to deliver sustainable profitable growth,” commented Software AG’s CEO Sanjay Brahmawar. “We are welcoming outstanding colleagues with a track record of innovation and success. Their base in California also extends our presence in North America, and I am incredibly excited at the prospect of working with them to grow our business together.” On the purchase, StreamSets CEO Girish Pancha commented, “Our products are made for each other, and we see tremendous opportunity in the convergence of application integration and data integration to deliver smart applications. I have been admiring Software AG’s transformation from afar, and together, I believe we will accelerate our growth trajectory by unlocking digital transformation for our customers.”

Link : https://www.google.com/amp/s/www.xda-developers.com/windows-subsystem-android-hardware-decoding/amp/ Microsoft has released an update for the Windows Subsystem for Android to Windows Insiders in all channels of the program. This update comes with some significant improvements that should make some apps that much more useful. Among them is support for hardware-accelerated H.264 video decoding in the Windows Subsystem for Android, meaning Android apps can run much more smoothly when playing back video in this format. Improvements have also been made to rendering in some apps. Previously, multisample anti-aliasing (MSAA) was being enabled on apps and couldn’t be disabled. While MSAA can result in better-looking games, it can also affect performance, so this change should help some apps run a little better.Another notable improvement has to do with email apps. If you have installed an Android app that asks you to open an email app (to share feedback, for example), it will now open the respective Windows app seamlessly. Finally, Microsoft has also made some fixes to “general input” in Android apps on Windows. That includes scrolling in the Amazon Appstore and Kindle apps, for example. This release of the Windows Subsystem for Android does come with a couple of known issues, though. Microsoft notes that video playback in Android apps may be choppy on some Windows PCs, which may be a consequence of enabling hardware decoding. Additionally, Android apps may be restarted when a PC comes out of Connected Standby.If you’re enrolled in the Windows Insider Program, you can update the Windows Subsystem for Android right now by going to the Microsoft Store and then Library > Get updates. If you haven’t installed it yet, you can get the Amazon Appstore here, which will automatically install the Windows Subsystem for Android on your PC. We also have guides on how to sideload Android apps on Windows 11 if you’re not in the United States, which is the only region where they’re officially supported. These updates should make it to non-Insiders sometime soon, since Android apps have been available since last month.

Nickname: @Bada. Video author: PlayStation Name of the game: My Little Pony: A Maretime Bay Adventure - Announce Trailer | PS4 Video link: Short description of the video: To all My Little Pony fans, we have great news! Soon you can embark on an epic adventure set in Maretime Bay and help the ponies in their dream to make the world a better place and bring magic and harmony back to their community. #MyLittlePony #AMaretimeBayAdventure is coming soon to all platforms!

HapPy birthday 🎂🎊🎉

Link : https://www.google.com/amp/s/www.indiatoday.in/amp/world/russia-ukraine-war/story/russia-ukraine-war-live-updates-march-9-volodymyr-zelenskyy-vladimir-putin-kyiv-shelling-evacuation-irpin-1922387-2022-03-08 Russia-Ukraine War news LIVE Updates March 9: Russia’s invasion of Ukraine entered the 14th day with Russian aircraft bombing cities in the country's eastern and central regions, including capital Kyiv, overnight. So far, two million civilians -- mostly women and children -- have fled Ukraine in the wake of the Russian onslaught. Ukrainian President Volodymyr Zelenskyy on Tuesday called for the expansion of humanitarian corridors and, in a new video, urged his people to keep resisting Russia’s assault. Meanwhile, the US has announced a ban on Russian oil imports in retaliation for its war on Ukraine. Stay tuned to Indiatoday.in for the latest news on the Russia-Ukraine war.Air raid siren sounded in Kyiv soon after Russia announces 'regime of silence' Soon after Russia announced a 'regime of silence' to enable speedy evacuation of civilians, air raid sirens were sounded in Kyiv.