We are back to bother y'all with the latest tech updates featuring news from the world of Linux and open-source this week! 🐧 Major Linux Vulnerability Exposes Systems to Remote Code Execution – Here’s What You Need to Know A critical vulnerability in the Common UNIX Printing System (CUPS) has raised alarms, potentially exposing up to 300,000 Linux endpoints to remote code execution (RCE). While most of the exposed systems are likely desktops rather than servers, the flaw enables attackers to exploit the cups-browsed daemon if it is manually enabled. The vulnerability affects several versions of Linux, including Red Hat Enterprise Linux (RHEL), but it’s not active by default in most cases. Mitigation is simple, involving disabling the cups-browsed service or updating the CUPS package. 🐘 PostgreSQL 17 Released: Enhanced Performance and New Features PostgreSQL 17 has officially launched, introducing significant performance enhancements and new functionalities. The latest version revamps the internal memory structure for vacuum processes, reducing memory usage by up to 20 times, while improvements to the I/O layer can deliver double the write throughput for high-concurrency workloads. Additional features include support for JSON_TABLE, enhanced MERGE functionalities, a new collation provider, and incremental backup capabilities with pg_basebackup. 🗃️ Valkey 8.0 Released: A High-Performance Fork of Redis Achieving One Million RPS Valkey 8.0 has been launched as a powerful fork of Redis, designed to handle up to one million requests per second (RPS). This release focuses on significant performance enhancements, tripling the speed of its predecessor and introducing numerous optimizations for better memory efficiency. Key improvements include optimized handling of temporary set objects, experimental RDMA user keep-alive support, and enhancements to multi-threaded performance through memory prefetching. The release also features dual-channel efficient full-sync replication and various command changes, ensuring full compatibility with Redis OSS 7.2.4. With these advancements, Valkey is poised to become a leading open-source alternative to Redis, attracting more industry attention. 💰 Compensation Correlates with Security: Survey Highlights Need for Better Support for Open-Source Maintainers A Tidelift survey of 400 open-source software maintainers reveals that paid maintainers are 55% more likely to implement critical security and maintenance practices than their unpaid counterparts, such as two-factor authentication and static code analysis. Despite the benefits of compensation, 60% of maintainers remain unpaid, leading many to feel underappreciated and stressed, with 60% considering quitting. As threats like malware increase, maintainers now spend about 11% of their time on security tasks, yet skepticism about AI tools persists, with 64% fearing they could negatively impact their work. #linux #postgres #opensource #security
nurdsoft’s Post
More Relevant Posts
-
🌟 We’re Growing! Be Part of Something Big! 🌟 NurdSoft is on the lookout for talented engineers to join our innovative and fast-paced team. 🚀 Are you passionate about tech, driven by solving tough challenges, and ready to work where innovation meets real impact? If so, your next adventure starts here. 💥 Open Roles- 🚀 Lead DevOps Engineer- https://lnkd.in/dWXQuw7k 💻 Senior Backend Engineer-https://lnkd.in/dXbfHX5E 🛠️ Senior QA Engineer-https://lnkd.in/dEj5d5Mn Why NurdSoft? 💻 Flexible Work, Your Way: We’re a remote-first company because we know work-life balance matters. Work where you thrive! 📚 Grow with Us: From training to career advancement, we’ve got the tools to help you level up. Your professional growth is our priority. 🌈 Diversity & Inclusion: At NurdSoft, we’re not just about building great tech—we’re building a culture where all voices are heard and every idea counts. Ready to make waves and create something amazing? 🌊 Apply now and let’s shape the future together. 💡 #Hiring #TechJobs #RemoteWork #CareerGrowth #IndiaJobs ##JoinTheTeam #ITJobs #DevOps #QA #BackendEngineer #TesterJobs
-
-
Your weekly news tech update covering Payment Breaches, Malware Attacks, AI Glitches, and Crypto Scams 📰 💰 Payment gateway data breach affects 1.7 million credit card owners A data breach at payment gateway provider Slim CD exposed the personal and credit card information of nearly 1.7 million individuals. Hackers had access to the company’s network for almost a year, from August 2023 to June 2024, although credit card data was accessed specifically between June 14 and 15, 2024. Compromised information includes names, addresses, card numbers, and expiration dates. While CVV numbers were not exposed, there remains a risk of credit card fraud. Slim CD has enhanced its security measures and advises affected individuals to stay alert for suspicious activity. 🐍 North Korean Lazarus hackers target Python developers with malware-laced coding tests The North Korean hacker group Lazarus targets Python developers by posing as recruiters and offering coding tests for password management products that secretly contain malware. The 'VMConnect' campaign has been active since August 2023, with hackers using fake Python packages on PyPI. Lazarus impersonates large U.S. banks like Capital One, luring developers through platforms like LinkedIn. Victims are asked to fix bugs in a password manager project, but running the provided files executes a hidden malware downloader. The attackers pressure victims to complete the task quickly to avoid detection. Developers are advised to verify recruiters and check code in safe environments. 📱 iPhone 16's AI-powered Apple Intelligence shows early signs of unreliability Apple unveiled the iPhone 16, highlighting its A18 chip designed for the new Apple Intelligence AI software, set to assist in tasks like summarizing messages, writing emails, and photo editing. However, in tests of its prerelease software, Apple's AI has been found to generate inaccurate or fabricated information frequently. These errors range from funny to concerning, with the AI sometimes misinterpreting basic facts, misclassifying emails, or even editing selfies awkwardly. Though promising, the software's current shortcomings suggest that potential buyers might want to wait for improvements before investing in the iPhone 16. 🔐 Crypto Scam Losses Surge 45% in 2023, FBI Reports Losses from cryptocurrency scams grew by 45% in 2023 compared to the previous year, exceeding $5.6 billion, according to an FBI report. The increase is linked to the speed and irreversibility of digital asset transactions. Investment scams accounted for 71% of the losses, with call center and government impersonation scams following. Older adults, especially those over 60, were disproportionately affected, losing over $1.6 billion. The FBI emphasized that while blockchain transactions are traceable, international money transfers pose challenges for law enforcement. #cybersecurity #crypto #tech #python
-
The future of AI with commoditized hardware
I got Llama 3 405B (the big one) running on two MacBooks. I used MLX, Apple’s open source ML library and exo for distributed inference across devices: https://lnkd.in/e965B96E
-
We're #hiring a new Golang Developer- LATAM in Argentina. Apply today or share this post with your network.
-
We skipped Monday, cuz who likes it?, ...Not us! Anyway, here's what's been happening latest in the tech world!! 🔑 New PowerShell Keylogger Steals Sensitive Data—Here’s How to Stay Safe A new keylogger, discovered by CYFIRMA, uses Microsoft PowerShell scripts to stealthily capture keystrokes and steal sensitive information like login credentials and financial data. Exploiting PowerShell’s deep integration with Windows, this malware employs advanced evasion techniques, such as encoded command execution and dual-channel communication via Tor, to avoid detection. To protect against this threat, organizations should tighten security policies around PowerShell, invest in advanced threat detection, educate employees on phishing risks, conduct regular system audits, and deploy robust endpoint protection. 🥷🏼 How MI6 and the CIA Are Using AI to Combat Modern Threats MI6 and the CIA are leveraging generative AI to navigate massive amounts of data and address complex global threats, including cyberattacks from Russia and China. Partnering with tech firms like Microsoft, they deploy specialized AI models to analyze data securely and enhance their covert operations. While details are under wraps, AI is set to play a key role in modern intelligence and counter-terrorism strategies. 🔓 New RAMBO Attack Steals Data from Air-Gapped Computers Using RAM Signals Researchers have developed a novel side-channel attack called "RAMBO" that exfiltrates data from highly secure, air-gapped computers by exploiting electromagnetic emissions from their RAM. The attack involves malware that manipulates RAM's memory access patterns to emit radio signals, which are then captured by nearby receivers. While the attack can only transfer small amounts of data at slow speeds and short distances, it remains a significant threat to isolated systems in high-security environments. Mitigation strategies include physical defenses, RAM jamming, EM interference, and Faraday enclosures to block electromagnetic leaks. 📊 Survey: The AI wave continues to grow on software development teams GitHub surveyed 2,000 software development professionals across the U.S., Brazil, India, and Germany to assess generative AI tools' use, impact, and expectations in software development. Over 97% of respondents reported using AI coding tools, but only 59-88% indicated company support for AI adoption, varying by region. The U.S. shows the highest support (88%), while Germany shows the lowest (59%). #ai #cybsecurity #software #developers
-
🚀 Exciting News! 🚀 Nurdsoft will be attending Oracle Cloud World 2024 in Las Vegas! Our team is eager to connect with industry leaders, explore cutting-edge software solutions in the cloud, and discuss how our professional services can help businesses maximize their Oracle Cloud investments. If you’re attending, let’s schedule a time to meet and explore opportunities to collaborate. Feel free to reach out here or contact us at info@nurdsoft.com. See you in Vegas! #OracleCloudWorld #Networking #CloudInnovation #ProfessionalServices #LasVegas2024 #s
