nurdsoft

We're #hiring a new Senior Quality Assurance Test Engineer in India. Apply today or share this post with your network.

Checking back on last week's shenanigans in software tech & security! 🦠 New CRON#TRAP Phishing Attack Uses Backdoored Linux VMs on Windows A new phishing campaign uses phishing emails to infect Windows systems with a Linux VM containing a backdoor. Disguised as a "OneAmerica survey," the email includes a 285 MB ZIP file, which installs a QEMU-based Linux VM (PivotBox) on Windows, running with minimal security alerts. PivotBox enables stealthy C2 communication using Chisel for HTTP/SSH tunneling. Attackers can perform command execution, data exfiltration, and surveillance. For persistence, SSH keys are created, and the VM autostarts on reboot. 🔑 Okta Auth Bypass Bug for Long Usernames Fixed Okta disclosed a bug allowing authentication bypass via usernames of 52 characters or more under specific conditions. The vulnerability, impacting Okta’s AD/LDAP Delegated Authentication, required that: - The username was 52+ characters. - The user had a previous successful login stored in a cache. - The AD/LDAP agent was inaccessible, and MFA was disabled. Okta discovered and patched the issue on October 30, advising users to check logs since July 23 for suspicious login attempts with long usernames and to enforce MFA. Security experts suggested using SHA-256 to avoid bcrypt's limitation on long inputs. 🚛 Git Repository Bloat Issue and Fix A flaw in Git’s file comparison method can excessively bloat repositories, as seen in a Microsoft team’s mono repo. Git contributor Derrick Stolee identified that Git's name-hash algorithm often collided on file names (e.g., CHANGELOG.md), inflating storage by large margins. Using a new "path walk API" to avoid these collisions, the team reduced their repository from 178 GB to 5 GB. Stolee’s solution, which cuts space and speeds Git operations, will benefit large repositories prone to such collisions, while smaller ones may see limited impact. 🕸️ Proposal to Split JavaScript Draws Mixed Reactions A recent Google-led proposal to split JavaScript into two parts has stirred debate. Presented to the ECMAScript committee (TC39), the plan proposes a minimal core language ("JS0") for runtime engines and an expanded version ("JSSugar") reliant on compilers. The aim is to keep the core simple, prioritizing security and stability while reducing engine complexity. New features would go into JSSugar, aligning JavaScript more closely with common practices, as many developers already rely on TypeScript and tools like Babel. While the proposal seeks better performance and less complexity, it has met resistance from developers who want less reliance on tooling, fearing the loss of "Vanilla JS."

Concerned about securing your Go applications? We've put together a brief guide with 5 essential commands to help you strengthen security and identify potential vulnerabilities in your Go apps! #golang #programming #developers

Jetpack Security Patch, Terraform 2.0 Beta, Internet Archive Breach & .NET 9 RC – Key Tech Updates from Last Week! 📑 Critical Security Update Released for Jetpack WordPress Plugin A critical security flaw affecting WordPress plugin Jetpack, used on around 27 million sites, was patched last week. The vulnerability, present in the Contact Form feature since version 3.9.9 (2016), could allow logged-in users with low-level roles to view site visitors' form submissions. Jetpack reports no known exploitation but warns that attempts may arise now that the issue is public. Automatic updates have been rolled out, but administrators with auto-updates disabled should manually update their sites to avoid potential risks. 🟦 HashiCorp Unveils Terraform 2.0 Amid Impending IBM Acquisition At HashiConf 2024, HashiCorp announced major updates like Terraform 2.0 (Stacks) entering public beta and the general availability of HCP Waypoint, while quietly avoiding the topic of its upcoming $6.4 billion acquisition by IBM. Terraform Stacks aims to improve infrastructure management and scalability, allowing up to 500 resources for free during beta. Other updates include GPU scheduling in Nomad for AI and advancements in HCP Vault for security. Despite IBM's looming presence, HashiCorp reassured attendees that its core offerings remain strong amidst the transition. 🥷🏼 Internet Archive Breached Again via Stolen Access Tokens The Internet Archive suffered another data breach, this time through its Zendesk email support platform, after failing to rotate stolen GitLab authentication tokens exposed for nearly two years. The breach allowed threat actors to access over 800,000 support tickets, some containing personal identification documents. This follows an earlier breach where 33 million user records were stolen. 🟥 Microsoft Previews Unified .NET API for AI and Releases .NET 9 RC with Go-Live License Microsoft has introduced the Microsoft. Extensions. AI library, aiming to create a unified API for AI programming in C#. This abstraction layer would allow developers to interact with AI services, offering a standard API across different providers, while still enabling the use of proprietary APIs when necessary. Reference implementations are available for OpenAI, Azure AI, and Ollama. Additionally, Microsoft released a .NET 9 release candidate with a go-live license, ahead of its official launch in November. .NET 9 focuses on cloud-native applications and performance, with enhancements across C# 13 and improvements in frameworks like MAUI and Blazor. This version is not long-term support (LTS) and will be supported for 18 months. #dotnet #hashicorp #wordpress #devops

This week's tech news features new releases in Python and Git, along with AI's impact on power generation! 🐍 Python 3.13: New Features and Highlights Python 3.13, released on October 7, 2024, introduces significant updates to the language and standard library. Major features include a new interactive interpreter, experimental support for free-threaded mode (PEP 703), and a Just-In-Time compiler (PEP 744). Tracebacks are now highlighted in color by default, improving error message clarity. The locals() builtin has refined behavior, and type parameters can now have default values. Deprecated APIs and modules from earlier versions have been removed, enhancing user experience and correctness. The release balances new functionality with improved performance, making Python 3.13 a notable upgrade. 🥷🏼 Internet Archive Restores Services in Read-Only Mode After Cyberattack and Data Breach Affecting 31 Million Accounts The Internet Archive is now back online in a read-only state after a cyberattack and data breach brought it offline on October 9th. The attack led to the theft of 31 million records, including email addresses, screen names, and Bcrypt-hashed passwords. While services like the Wayback Machine are accessible to browse archived content, features like capturing new pages are currently disabled. The team is gradually restoring services while enhancing security. 🔋 US Utility Companies Face Urgent Need to Expand Power for AI Data Centers A Bain & Company report warns that U.S. utility companies must rapidly increase power generation by up to 26% by 2028 to meet soaring demand from AI-driven data centers. The report projects that by 2028, data centers could consume 44% of U.S. energy, surpassing residential, manufacturing, and commercial sectors. Without swift modernization, companies may face energy shortages, with some data centers potentially forced to generate their own power. The report highlights the strain AI's growth places on energy infrastructure, raising concerns about reliance on dirtier energy sources to meet the increased demand. 🍴 Git 2.47 Highlights A new Git 2.47 introduces significant updates, including incremental multi-pack indexes (MIDXs), which improve performance by allowing faster object lookups. This experimental feature enables adding new objects via an incremental MIDX layer, speeding up updates without a full MIDX rebuild. Another addition is a tool for identifying base branches using the new %(is-base:) atom in for-each-ref, simplifying branch origin detection. Git also formalized its Platform Support Policy, outlining system requirements. Additionally, reftable, Git's reference backend, saw unit test improvements, and new VSCode merge tool support allows easier 3-way merge configuration via git mergetool. Other enhancements include better memory leak detection and more comprehensive testing. #python #git #cybersecurity #ai

This week's tech news features new releases in Python and Git, along with AI's impact on power generation! 🐍 Python 3.13: New Features and Highlights Python 3.13, released on October 7, 2024, introduces significant updates to the language and standard library. Major features include a new interactive interpreter, experimental support for free-threaded mode (PEP 703), and a Just-In-Time compiler (PEP 744). Tracebacks are now highlighted in color by default, improving error message clarity. The locals() builtin has refined behavior, and type parameters can now have default values. Deprecated APIs and modules from earlier versions have been removed, enhancing user experience and correctness. The release balances new functionality with improved performance, making Python 3.13 a notable upgrade. 🥷🏼 Internet Archive Restores Services in Read-Only Mode After Cyberattack and Data Breach Affecting 31 Million Accounts The Internet Archive is now back online in a read-only state after a cyberattack and data breach brought it offline on October 9th. The attack led to the theft of 31 million records, including email addresses, screen names, and Bcrypt-hashed passwords. While services like the Wayback Machine are accessible to browse archived content, features like capturing new pages are currently disabled. The team is gradually restoring services while enhancing security. 🔋 US Utility Companies Face Urgent Need to Expand Power for AI Data Centers A Bain & Company report warns that U.S. utility companies must rapidly increase power generation by up to 26% by 2028 to meet soaring demand from AI-driven data centers. The report projects that by 2028, data centers could consume 44% of U.S. energy, surpassing residential, manufacturing, and commercial sectors. Without swift modernization, companies may face energy shortages, with some data centers potentially forced to generate their own power. The report highlights the strain AI's growth places on energy infrastructure, raising concerns about reliance on dirtier energy sources to meet the increased demand. 🍴 Git 2.47 Highlights A new Git 2.47 introduces significant updates, including incremental multi-pack indexes (MIDXs), which improve performance by allowing faster object lookups. This experimental feature enables adding new objects via an incremental MIDX layer, speeding up updates without a full MIDX rebuild. Another addition is a tool for identifying base branches using the new %(is-base:) atom in for-each-ref, simplifying branch origin detection. Git also formalized its Platform Support Policy, outlining system requirements. Additionally, reftable, Git's reference backend, saw unit test improvements, and new VSCode merge tool support allows easier 3-way merge configuration via git mergetool. Other enhancements include better memory leak detection and more comprehensive testing. #python #git #cybersecurity #ai

How big is your Monday checklist? What if … instead of procrastinating about it, you read some tech news about WASM, Linux, Security, and more! 🐧 Golang Adopts Faster getrandom() with vDSO Support on Linux Golang has integrated support for the faster getrandom() function using vDSO on Linux systems, leveraging the capabilities introduced in the Linux 6.11 kernel for more efficient random number generation. Benchmark tests show significant improvements, including a reduction in operation time by 87% and a nearly 720% increase in read throughput. This update marks another early adoption of vDSO getrandom() by programming languages like Golang, alongside Glibc. 🗳️ Wasmer 4.4 Enhances WebAssembly Runtime with New Features Wasmer 4.4, the latest version of the WebAssembly runtime, continues to bolster its capabilities for running universal apps across various environments, from edge devices to the cloud. Key improvements in this release include object size estimation, better proxy handling, enhanced executable spawning, and various bug fixes. Although not a major overhaul, this update builds on the already solid Wasmer 4.x foundation, maintaining its position as one of the most robust WebAssembly runtimes for desktop environments. 🤖 AI-Generated Images Enhance Robot Training in New Research Researchers from Stephen James’s Robot Learning Lab in London have developed Genima, a system that fine-tunes Stable Diffusion, an image-generating AI model, to produce training data for robots. Genima helps guide robots in simulations and real-world tasks by overlaying sensor data onto images, which directs robots' movements through visual feedback. This approach makes robot training more interpretable and efficient, with the potential to improve a range of machines, from robotic arms to driverless cars. While initial success rates in tests were moderate, the system shows promise for future applications, particularly in domestic robot tasks and AI web agents. 🪶 Apache HTTP Server Vulnerabilities Enable Serious Cyber Threats Two critical vulnerabilities in the Apache HTTP Server—CVE-2024-40725 and CVE-2024-40898—have been discovered, posing serious risks to organizations worldwide. These vulnerabilities, affecting versions 2.4.0 through 2.4.61, allow attackers to exploit HTTP request smuggling and bypass SSL authentication, potentially leading to unauthorized access to sensitive data. With over 7.6 million instances exposed, attackers are actively discussing exploits on Dark Web forums. Organizations must promptly apply patches, update to version 2.4.62 or later, and review server configurations to mitigate these threats. Web Application Firewalls and regular security assessments are also recommended. #ai #golang #security #apache

We are back to bother y'all with the latest tech updates featuring news from the world of Linux and open-source this week! 🐧 Major Linux Vulnerability Exposes Systems to Remote Code Execution – Here’s What You Need to Know A critical vulnerability in the Common UNIX Printing System (CUPS) has raised alarms, potentially exposing up to 300,000 Linux endpoints to remote code execution (RCE). While most of the exposed systems are likely desktops rather than servers, the flaw enables attackers to exploit the cups-browsed daemon if it is manually enabled. The vulnerability affects several versions of Linux, including Red Hat Enterprise Linux (RHEL), but it’s not active by default in most cases. Mitigation is simple, involving disabling the cups-browsed service or updating the CUPS package. 🐘 PostgreSQL 17 Released: Enhanced Performance and New Features PostgreSQL 17 has officially launched, introducing significant performance enhancements and new functionalities. The latest version revamps the internal memory structure for vacuum processes, reducing memory usage by up to 20 times, while improvements to the I/O layer can deliver double the write throughput for high-concurrency workloads. Additional features include support for JSON_TABLE, enhanced MERGE functionalities, a new collation provider, and incremental backup capabilities with pg_basebackup. 🗃️ Valkey 8.0 Released: A High-Performance Fork of Redis Achieving One Million RPS Valkey 8.0 has been launched as a powerful fork of Redis, designed to handle up to one million requests per second (RPS). This release focuses on significant performance enhancements, tripling the speed of its predecessor and introducing numerous optimizations for better memory efficiency. Key improvements include optimized handling of temporary set objects, experimental RDMA user keep-alive support, and enhancements to multi-threaded performance through memory prefetching. The release also features dual-channel efficient full-sync replication and various command changes, ensuring full compatibility with Redis OSS 7.2.4. With these advancements, Valkey is poised to become a leading open-source alternative to Redis, attracting more industry attention. 💰 Compensation Correlates with Security: Survey Highlights Need for Better Support for Open-Source Maintainers A Tidelift survey of 400 open-source software maintainers reveals that paid maintainers are 55% more likely to implement critical security and maintenance practices than their unpaid counterparts, such as two-factor authentication and static code analysis. Despite the benefits of compensation, 60% of maintainers remain unpaid, leading many to feel underappreciated and stressed, with 60% considering quitting. As threats like malware increase, maintainers now spend about 11% of their time on security tasks, yet skepticism about AI tools persists, with 64% fearing they could negatively impact their work. #linux #postgres #opensource #security

We are back to bother y'all with the latest tech updates featuring news from the world of Linux and open-source this week! 🐧 Major Linux Vulnerability Exposes Systems to Remote Code Execution – Here’s What You Need to Know A critical vulnerability in the Common UNIX Printing System (CUPS) has raised alarms, potentially exposing up to 300,000 Linux endpoints to remote code execution (RCE). While most of the exposed systems are likely desktops rather than servers, the flaw enables attackers to exploit the cups-browsed daemon if it is manually enabled. The vulnerability affects several versions of Linux, including Red Hat Enterprise Linux (RHEL), but it’s not active by default in most cases. Mitigation is simple, involving disabling the cups-browsed service or updating the CUPS package. 🐘 PostgreSQL 17 Released: Enhanced Performance and New Features PostgreSQL 17 has officially launched, introducing significant performance enhancements and new functionalities. The latest version revamps the internal memory structure for vacuum processes, reducing memory usage by up to 20 times, while improvements to the I/O layer can deliver double the write throughput for high-concurrency workloads. Additional features include support for JSON_TABLE, enhanced MERGE functionalities, a new collation provider, and incremental backup capabilities with pg_basebackup. 🗃️ Valkey 8.0 Released: A High-Performance Fork of Redis Achieving One Million RPS Valkey 8.0 has been launched as a powerful fork of Redis, designed to handle up to one million requests per second (RPS). This release focuses on significant performance enhancements, tripling the speed of its predecessor and introducing numerous optimizations for better memory efficiency. Key improvements include optimized handling of temporary set objects, experimental RDMA user keep-alive support, and enhancements to multi-threaded performance through memory prefetching. The release also features dual-channel efficient full-sync replication and various command changes, ensuring full compatibility with Redis OSS 7.2.4. With these advancements, Valkey is poised to become a leading open-source alternative to Redis, attracting more industry attention. 💰 Compensation Correlates with Security: Survey Highlights Need for Better Support for Open-Source Maintainers A Tidelift survey of 400 open-source software maintainers reveals that paid maintainers are 55% more likely to implement critical security and maintenance practices than their unpaid counterparts, such as two-factor authentication and static code analysis. Despite the benefits of compensation, 60% of maintainers remain unpaid, leading many to feel underappreciated and stressed, with 60% considering quitting. As threats like malware increase, maintainers now spend about 11% of their time on security tasks, yet skepticism about AI tools persists, with 64% fearing they could negatively impact their work. #linux #postgres #opensource #security

🌟 We’re Growing! Be Part of Something Big! 🌟 NurdSoft is on the lookout for talented engineers to join our innovative and fast-paced team. 🚀 Are you passionate about tech, driven by solving tough challenges, and ready to work where innovation meets real impact? If so, your next adventure starts here. 💥 Open Roles- 🚀 Lead DevOps Engineer- https://lnkd.in/dWXQuw7k 💻 Senior Backend Engineer-https://lnkd.in/dXbfHX5E 🛠️ Senior QA Engineer-https://lnkd.in/dEj5d5Mn Why NurdSoft? 💻 Flexible Work, Your Way: We’re a remote-first company because we know work-life balance matters. Work where you thrive! 📚 Grow with Us: From training to career advancement, we’ve got the tools to help you level up. Your professional growth is our priority. 🌈 Diversity & Inclusion: At NurdSoft, we’re not just about building great tech—we’re building a culture where all voices are heard and every idea counts. Ready to make waves and create something amazing? 🌊 Apply now and let’s shape the future together. 💡 #Hiring #TechJobs #RemoteWork #CareerGrowth #IndiaJobs ##JoinTheTeam #ITJobs #DevOps #QA #BackendEngineer #TesterJobs