social.outsourcedmath.com


ד-פּאַקס mastodon (AP)
"As a #Jewish #NewYorker, #food is always top of mind—at home, it revolves around cooking and preparing for the next #Shabbat or holiday #meal, and on the streets of #NewYorkCity, the world of Jewish food exists vastly in the form of #delicatessens, #bakeries, lox counters, and steakhouses. In a city with such strong ties to Jewish heritage—namely the Lower East Side where Jewish immigrants settled in the early 1900s, and pockets of #Brooklyn, home to one of the largest Orthodox Jewish communities in the world—it’s no secret that some of the city’s best and most nourishing bites have deep historical ties to Jewish culture, with influence from #EasternEurope, #Morocco, #Israel, and everywhere in between."

https://www.cntraveler.com/story/the-best-jewish-food-in-nyc-according-to-a-jewish-new-yorker

Snowshadow mastodon (AP)
🇨🇦 Private equity and health care: Should Canadians be concerned?
Some U.S. critics have gone so far as to describe private equity firms as vulture capitalists.

@gemelliz
#Canada #Canpoli #Healthcare

https://healthydebate.ca/2024/07/topic/private-equity-health-care/


BrianKrebs mastodon (AP)
In September 2023, I published a story about extensive research suggesting that thieves who'd obtained a copy of the encrypted LastPass vaults that were exposed in a 2022 data breach were successfully cracking access to some LastPass accounts, leading to a significant number of 7-figure+ cryptocurrency thefts.

https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/

In the past week, the talented crypto crime researcher ZachXBT walked through how thieves have stolen another $5.36M from over 40 different crypto wallet addresses recently, and why it was likely tied to the LastPass breach.

https://www.theblock.co/post/331118/lastpass-threat-actor-drains-5-4-million-in-crypto-from-over-40-victim-addresses-zachxbt

In response to media coverage of ZachXBT's research, LastPass issued a statement that basically said all of the researchers who've connected high-dollar thefts to the LastPass breach are somehow barking up the wrong tree:

"A year has passed since initial claims surfaced alleging a link between certain cryptocurrency thefts and the 2022 LastPass security incidents,” LastPass Chief Secure Technology Officer Christofer Hoff said. “In that time, LastPass has investigated these claims and to date is not aware of any conclusive evidence that directly connects these crypto thefts to LastPass. Because we take any claims regarding the security of LastPass and our customers seriously, we continue to invite any security researchers who believe they may have evidence to contact the LastPass Threat Intelligence team.”

Taylor Monahan, lead product manager at MetaMask, is one of the researchers who's been most vocal about the apparent fallout from the LastPass breach. Tay's responses over on Hellsite to the LastPass statement are scathing.

https://x.com/tayvano_/status/1869780370671226962
Tweets from @tayvano_

The last time I talked to their security team they:
Distanced themselves from their past security team who did the initial CFIR
Covered their ass
Acted like we didn’t know what we were doing
Questioned our data
Blamed victims

They didn’t know what we knew and didn’t listen when we told them what we knew.
11:22 AM · Dec 19, 2024

I know they know.

They know I know.

And they also know I won’t fuck over victims and the investigation by sharing the hardest intel publicly.

But they fucking know. And have known for well over 14 fucking months. I made damn fucking sure of that.
BrianKrebs mastodon (AP)
@troed the victims i interviewed for that story all had used LP to store their crypto seed phrase, all had low number of iterations for their pwd hash, and had relatively low-entropy passwords.
Troed Sångberg mastodon (AP)
Thanks, yeah getting people to use strong Master passwords even when you tell them how critical it is is extremely difficult :/

taz (inoffiziell) friendica (via ActivityPub)
The Bundestag passes the amended Film Funding Act. Film production in Germany continues, but without the planned diversity advisory board.

Nancy By Ernie Bushmiller
December 20, 1949

Not a Goat 🦝 mastodon (AP)
Sophos security advisory 19 December 2024: Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
  • CVE-2024-12727 (9.8 critical) pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall
  • CVE-2024-12728 (9.8 critical) weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall
  • CVE-2024-12729 (8.8 high) post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall

Sophos has not observed these vulnerabilities to be exploited at this time.

#sophos #firewall #vulnerability #cve #infosec #cybersecurity


taz (inoffiziell) friendica (via ActivityPub)
At the last minute, the Bundestag and Bundesrat have cleared the way for financing the Deutschlandticket in 2025. The ticket will get more expensive anyway.

taz diaspora
Joining the defense alliance

Cyprus wants to join NATO


By Ferry Batzoglou

The Republic of Cyprus is already a member of the EU and the eurozone, but not of NATO. Now it wants to join the North Atlantic alliance. Turkey is opposed.

Focus: NATO

#taz #tageszeitung #Zypern #Zypernkrise #Türkei
taz diaspora
I just read Netto instead of NATO.
Rasmus Fuhse diaspora
Then you finally have more net from your gross now.


taz (inoffiziell) friendica (via ActivityPub)
A gas storage levy was a thorn in the side of neighboring countries. It will soon be history.

Ulrich Kelber mastodon (AP)
Well, aged badly in record time.
Menel :xmpp: mastodon (AP)
@derpostillon also just wrote
"Dare more Musk: Christian Lindner also declares support for the AfD"

https://www.der-postillon.com/2024/12/musk-wagen.html

#MehrMuskWagen #politics
lbarthas mastodon (AP)
That can really only be explained by Lindner's incompetence. Hasn't he looked lately at what has been coming from Musk? He didn't just descend into the far-right corner today. Or do they perhaps want to ingratiate themselves with the far right?
Either way: how does someone like Gerhart Baum put up with it?

Zack Whittaker mastodon (AP)
New, by me: Hospital giant Ascension said a May ransomware attack allowed hackers to steal data on 5.6 million patients — the third-largest healthcare data breach of the year.

https://techcrunch.com/2024/12/20/ransomware-attack-on-health-giant-ascension-hits-5-6-million-patients/

Lake Michigan! Live! mastodon (AP)
Current* conditions near Chicago, IL:
View of the Chicago Harbor Lighthouse from one of the cribs located in Lake Michigan. // Image captured at: 2024-12-20 16:00:01 UTC (about 3 min. prior to this post) // Current Temp in Chicago: 34.89 F | 1.61 C // Precip: overcast clouds // Wind: NNE at 8.008 mph | 12.88 kph // Humidity: 74%

taz (inoffiziell) friendica (via ActivityPub)
After more than 50 years, many people in Syria are enjoying the freedom to demonstrate. And they are using their right: for a secular state, for pluralism.

taz (inoffiziell) friendica (via ActivityPub)
Whether owner-occupancy claims or extortionate rent: landlords systematically break laws. Sometimes the violation is stopped. They never face penalties.

obrhoff mastodon (AP)
What they sell in Poland as an "original" döner kebab. Bacon Cheese Döner 😭

It's actually one of the things that feels weird in Poland if you're German. Polish people love to adapt food from other countries, but compared to Berlin, it's usually Polish people running these restaurants rather than people from the food's country of origin.
#berlin #poland #döner #food

taz (inoffiziell) friendica (via ActivityPub)
An alternative to cookie banners is meant to make browsing the web more pleasant. But consumer advocates criticize the new regulation.

taz (inoffiziell) friendica (via ActivityPub)
Die Linke helped Michael Kretschmer into office. It does itself no favors by electing a state premier just because the AfD threatens from the right.

taz (inoffiziell) friendica (via ActivityPub)
Everyone is good at complaining about Deutsche Bahn; the podcast "Teurer Fahren" supplies the arguments.

taz (inoffiziell) friendica (via ActivityPub)
Combat gear or luxury label? The illustrated book "Fashion Army" shows work clothing of the US military.

Hannu Ikonen, MD mastodon (AP)
fuck i gotta shower, cant alt text it for a spell, but i fuckin laughed
Hannu Ikonen, MD mastodon (AP)
2024 is seeing a staged photo up of police geared out in more expensive garb than all 32 NHL & MLB teams fucking *combined* tryna recreate some religious Renaissance era painting of Jesus being prosecuted with police fully unaware that *they are the baddies*
Hannu Ikonen, MD mastodon (AP)
And since both MLB & NHL cheaped out with Fanatics, you 100% know this is accurate
Hannu Ikonen, MD mastodon (AP)
First motherfucker to actually defund the NYPD should win the Nobel Peace prize.
JustAFrog mastodon (AP)
Oh noes, that rampant racism against ... uh ... italians?

Never mind that Nintendo consoles do well in Italy and people play the Mario games on them.

Not a Goat 🦝 mastodon (AP)
JPCERT/CC: Recent Cases of Watering Hole Attacks, Part 1
Japan's Computer Emergency Response Center shows a graphic about APT attacks, but talks generally about watering hole attacks targeting Japan. They describe multiple watering hole attacks by the same threat actor group (unknown). Indicators of compromise are shared.

#wateringhole #IOC #threatintel #infosec #cybersecurity #cyberthreatintelligence #cti

Tengrain mastodon (AP)
Speaker Johnson Books Trip On The Kobayashi Maru

At the moment, Speaker Jeebus Johnson is trying to pass the legislation under a suspension of the normal rules. The upside to doing it this way is that it stops the usual vandals from throwing cinder blocks onto the highway by demanding procedural votes or trying to add amendments. The downside to doing it this way is that it requires a two-thirds vote…

http://mockpaperscissors.com/2024/12/20/speaker-johnson-books-trip-on-the-kobayashi-maru/

Not a Goat 🦝 mastodon (AP)
Kaspersky: BellaCPP: Discovering a new BellaCiao variant written in C++
Kaspersky discovered an older version of BellaCiao written in C++, while investigating an intrusion on a computer in Asia. They provide a technical analysis of this version, dubbed BellaCPP, which they attribute with medium to high confidence to the Iranian state-actor Charming Kitten (publicly attributed to Islamic Revolutionary Guard Corps (IRGC) by the U.S. Government). Kaspersky believes they continue to work on and update BellaCiao, and warns incident responders to be thorough in investigations for finding unknown samples, not just the known ones. Indicators of compromise provided.

#charmingkitten #mintsandstorm #apt42 #apt35 #iran #irgc #cyberespionage #IOC #threatintel #infosec #cybersecurity #cyberthreatintelligence #cti


Rightardia mastodon (AP)
Here's what happens if the government shuts down right before the holidays

"During a shutdown, the federal government would be unable to pay its millions of employees, including members of the military and reservists, just before the holidays . . .

'Hundreds of thousands of government workers could be furloughed, meaning they would temporarily stop going to work. During a shutdown in 2013, about 850,000 workers were furloughed."

https://news.yahoo.com/heres-happens-government-shuts-down-035938988.html

unusual_whales mastodon (AP)
The multi-billionaire owner of luxury jewellery company Cartier, Johann Rupert, has said his greatest fear is robots replacing workers and the poor rising up to bring down the rich, per the Independent.

#news #finance #economics #stocks #options

Tony Pennino mastodon (AP)
Oh FFS. I just received a grade grubbing email written using ChatGPT. This is like any moment in a superhero franchise when the villains join forces. #academia #academicchatter #academiclife
Taysia mastodon (AP)
😂😂😂🤭

fediverseobserver friendica (via ActivityPub)
Found 8 new servers and 21 servers died off since 7 hours ago.

22,914 servers checked. 14,756,970 Total Users with 1,069,805 Active Users today. Check out the stats!

New #fediverse servers found:

stream.neotheta.fi a #owncast server from Germany
keepupwthetempo.com a #wordpress server from United States
janerationx.rocks a #mastodon server from Portugal
pixel.starbuckstech.com a #pixelfed server from United States
content.haacksnetworking.org a #peertube server from United States
social.moekyun.me a #sharkey server from United States
thedailyid.com a #wordpress server from United States
m.drifting.boats a #mastodon server from Private

Help others find a home, send them to fediverse.observer

Sue Stone mastodon (AP)
'Making this dude look cool as hell': NYPD's Luigi Mangione photo op instantly backfires - Raw Story

https://www.rawstory.com/luigi-mangione-backfire-nypd/

Not a Goat 🦝 mastodon (AP)
Unit 42: Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript
Unit 42 describes how large language models (LLMs) can generate malicious JavaScript code (or at least rewrite/obfuscate existing malware). Attackers can prompt LLMs to perform "transformations" that are much more natural-looking (read: benign) which make malware harder to detect by security vendor tools and malware classifiers. Unit 42 provides real-world examples of detections from LLM-obfuscated malicious JavaScript. Indicators of compromise are provided.

#llm #JavaScript #malware #obfuscation #IOC #infosec #cybersecurity #cyberthreatintelligence #cti

Tony Pennino mastodon (AP)
Last night, I graded an AI-generated paper so poor that even I was like, “Oh, ChatGPT, I know you can do better.” #academia #academicchatter #chatgpt #professor

GaslitNation mastodon (AP)
In the United States, the principle of "innocent until proven guilty" is a cornerstone of justice. Yet, the NYPD's promotion of fascist pageantry, exemplified by this stunt, only undermines that ideal. It should be central to the defense’s case that Luigi Mangione, the alleged Claims Adjuster Assassin, cannot receive a fair trial given the NYPD's exploitation of his image for a grotesque PR campaign.

#luigimangione #nyc

Follow me for more recipes.

#FunnyRecipes
Left: A mandarin on a plate.
Right: A peeled mandarin on a plate.
Crowjane mastodon (AP)
What a lovely holiday dessert! I’m going to do my best to replicate it.
Jess ex machina mastodon (AP)
You are so talented and creative. 😍

Not a Goat 🦝 mastodon (AP)
Krebs on Security: Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
A cracked version of Acunetix, a commercial web app vulnerability scanner, is being resold as a cloud-based service to cybercriminals. @briankrebs traced the identity of the advertiser to an individual named Altuğ Şara from Ankara, Turkey, who worked the past two years as a senior software developer for a Turkish IT firm called Bilitro Yazilim.

#Araneida #acunetix #altugsara #turkey #BilitroYazilim #cybercrime #threatintel #infosec #cybersecurity #cyberthreatintelligence #cti

Covidiocracy mastodon (AP)
“A man in California had been messaging [school shooter] about attacking a government building with a gun and explosives, according to a restraining order issued against him under California’s gun red flag law. The order didn’t detail his interactions with Rupnow except to state that the man was plotting a mass shooting with her.”

https://apnews.com/article/wisconsin-school-shooting-abundant-life-rupnow-32ef21b182db91a097dfffa317dfec53
#California #Wisconsin #schoolshooting #DomesticTerrorism

nd.Aktuell mastodon (AP)
"Shame must change sides": this sentence went around the world, where Gisèle Pelicot has since been admired for her courage and determination. Thanks to the Avignon trial, Pelicot encourages victims to speak out, writes Livia Lergenmüller.

👉 https://www.nd-aktuell.de/artikel/1187700.avignon-prozess-schande-gehoert-nur-den-taetern.html

Get your last-minute gift now: left-wing journalism by subscription. 🎁 https://dasnd.de/verschenken 🎁
"To all those women affected by sexualized violence who have so far remained silent, Gisèle Pelicot shows that it is worth speaking."

Livia Lergenmüller, nd author
