Performance evaluation administrative assistant samples
2024.05.15 16:02 Meia_Ang [Discussion] Quarterly Non-Fiction Thinking, Fast and Slow by Daniel Kahneman, Chapters 11-17
Hello everyone, welcome to the third discussion about Thinking, Fast and Slow by Daniel Kahneman. Hope you studied hard this week, I sure did!
Summary
Previously, in Thinking Fast and Slow, we followed Kahneman and Amos’s academic bromance in the wonderful world of decision making and biases. Our two main characters model two kinds of behavior of the brain. System 1, always on, is the intuitive one, that makes continual judgments and assumptions. System 2 is the slower one, only called when necessary, that produces rational thinking, mathematical reasoning, and is awfully lazy. We learned that even specialists are really bad at intuitive statistics and apply the law of small numbers when they shouldn’t.
Chapter 11: Anchors
When we are asked to consider a possible solution to an estimation problem (eg, did Gandhi die after 100 years old?), our answer will be close to this number, like it’s anchored to it. Even when the proposition is obviously unrelated, like with a rigged wheel of fortune. It has many consequences, like with real estate prices and every negotiation. If someone starts one with an absurd price, make a big fuss and stop it until a more reasonable offer.
Both systems cause this behavior. System 1 because of priming (unconscious influence of a previous information). System 2 makes us start at the anchor, and then adjust, often not enough.
Btw, here are the answers to the questions, it annoyed me that they weren’t in the book. Washington became president in 1789. Water boils at around 70°C/160°F on top of the Everest. Gandhi died at 78 years old.
Chapter 12: Availability
We learn about the availability bias. When we are asked to estimate the frequency of an event, our answer depends on how easily we can retrieve examples from our memory. The more dramatic and personal the example is, the more it works. Making people list examples increases the perceived frequency, except when you ask too much. Finding 12 examples of something is hard, and your brain will interpret the cognitive fatigue as a less frequent phenomenon.
Chapter 13: Availability, emotion and risk
Our perception of risk is biased by availability and the affect heuristic. If you feel strongly about something negative, you will evaluate the risk as stronger. It’s especially true with very small risks such as terrorism, which our brain is really bad at evaluating (it’s either ignored or given too much weight). And a recent disaster in the news will make us renew our insurance policies. There is a very negative correlation between benefit and risk in the mind of people. This means that if a technology is perceived as highly useful, you will perceive it as less risky, and vice versa.
Kahneman then presents two philosophies about risk assessment and how it affects public policy. There can be availability cascades around public panics such as the Love Canal controversy, fed by media frenzy and politics. Slovic thinks that risk being not objective (it depends on what parameter we prioritize, such as lives or money), the perception of the citizens should never be ignored. Sunstein wants risk experts to rule, because public pressure makes the biased lawmakers prioritize the use of tax money inefficiently. Kahneman wisely stays in the middle of this merciless academic scuffle.
Chapter 14: Tom W
Tom W is a fictional university student invented by Kahnmos. The goal of the exercise is to guess his specialty. The subjects are told the proportion of the students in each specialty (the base rate, humanities being more probable than STEM), and sometimes a (dubious) psychological profile. He’s described as a nerdy asocial guy who likes bad puns, and if you’re judging him, remember you’re on reddit, so don’t throw any stone here. Most people, even specialists, will infer that Tom studies Computer Science, despite the probabilities given by the base rate, that mean it is more probable for him to study Humanities. It’s because this tells a better story (they choose representativeness instead of base rate). Even if the added information is dubious. Once again, if system 2 is activated (eg by frowning), people will get closer to the base rate.
Kahneman then gives us advice to discipline our faulty intuitions. You just have to use Bayes’s rule and multiply probabilities in your head! Easy. If you cannot do that, I’m sorry you’re an embarrassment to your family and country, but just remember to stay close to the base rate and question the quality of the evidence.
Chapter 15: Linda or less is more
Linda is another fictional character created to make us feel bad. She’s described as a left-leaning politically engaged woman. What is more probable, that she’s a bank teller or a feminist bank teller? Most people will choose the second. The problem is that feminist bank tellers are a subset of bank tellers, so there’s less of them (all feminist bank tellers are bank tellers, whereas only some bank tellers are feminist). So it’s mathematically less probable. However, it’s more plausible, tells a causal story, so our System 1 likes it. It’s called conjunction fallacy.
Apparently, Linda caused another controversy in the field of psychology, but Kahneman doesn’t go into details, probably to protect his readers from the gruesome imagery.
Chapter 16 Causes trump statistics
We go back to a Tom-like experiment, comparing base rate to other information. When the base rate is neutral, people don’t care about it. But when it is causal and tells a story, the brain will take it into account more. The story (here, it is that a company’s cabs cause most of the accidents) creates a stereotype in our head. And in this case, stereotyping helps improve the accuracy of our intuitions.
The author then discusses how to teach psychology to students. He describes the help experiment, where people isolated in booths heard a stooge pretending to die. A minority of people went to help, because of the dilution of responsibility (“someone else can do it!”). When faced with this result, most students accept it but it doesn’t really change their views, in particular of themselves. However, when shown some individuals and their choices, their ideas really evolved. Once again, we suck at statistics and love to make stories from anecdotes. But now we can hack it?
Chapter 17 Regression to the mean
Every performance has a random element. That means that if someone has an exceptionally good run, in sports for instance, their results will go down in the future. The opposite is also true. This is called regression to the mean and happens all the time when there is randomness involved. But our brains love causality and will invent a story around it. For instance, this air cadet performed better the second time because I yelled at him, not because of randomness catching up with his bad luck. That’s why we need control groups in every experiment, because many sick people will get better because of time and statistics.
Useful Links
You’ll find the questions below, feel free to add your own!
submitted by Meia_Ang to bookclub
2024.05.15 16:01 thevred9 Rust support for lambda
I am trying to see if we can use Rust for a lambda. The client is a government client and due to several regulations they might not be willing to use something that is not in GA.
The below link says that "The Rust runtime client is an experimental package. It is subject to change and intended only for evaluation purposes."
https://docs.aws.amazon.com/lambda/latest/dg/lambda-rust.html
Is that something that should prevent me from recommending they use Rust?
One of the primary reasons for using Rust is that this has to be highly performant and must respond in sub second latency.
submitted by thevred9 to awslambda
2024.05.15 16:00 StrikingBaseball4158 [OFFER] FULL-TIME Virtual Assistant ($5/Hr)
Hello. I am a Virtual Assistant with more than 3 years' experience. I have profound skills in:
* Social Media Management and Administration
* Graphic Design
* Customer Service
* Scheduling
* Video Editing
* Research
* Lead Generation
* Digital Marketing
* Copywriting
* Organic Search
* Marketing
* Basic SEO
* Outbound Marketing
* Inbound Lead Generation
* Email Marketing
* Inbox Management
* Data Entry
Kindly DM me if you need my services.
submitted by StrikingBaseball4158 to DoneDirtCheap
2024.05.15 16:00 Key_Regret8957 Could anyone offer me some feedback on my CV and/or Cover Letter?
I recently applied to a job at my old university, but unfortunately wasn't invited to an interview. I'm pretty disappointed because I spent many days on the application/trying to make it as good as possible. I also thought that I had met pretty much all the minimum criteria, but maybe I didn't. I did ask them for feedback, but they said that they couldn't offer any due to the high volume of applications. I understand from the employer's perspective that they might also have other reasons (that they aren't disclosing) for not offering feedback/that it could be quite risky for them, etc. However, I think it might be helpful for me in my future job search to know whether I wasn't chosen because of something I did wrong/could have improved on that I maybe haven't realised, or whether I'm doing alright and it was just a case of better competition this time.
I'm also autistic, so it can be harder for me to work these things out sometimes unless I'm explicitly told. In relation to my autism, I feel I should also mention that on the application form when it asked if I required any reasonable adjustments to the recruitment process, I said that if possible, receiving a copy of the interview questions in advance would be helpful to me. This was a suggestion I'd seen on a website with info about asking for adjustments. I was a little worried about asking for it in case it made me seem like I couldn't handle stressful situations (when really, I would've still been fine doing the interview without having the questions in advance, it just would've been easier with them). But the site said that if you were worried about them being concerned about you having an unfair advantage, you could suggest that the interview questions be given to other candidates in advance too. So I did that. I'm not sure whether me asking for that adjustment could have influenced their decision, although they did say they were Disability Confident...
The job was a communications role for a program that the uni has where you can do an extra activity/course for extra credits. I did it twice when I studied there.
Job criteria
Essential
- Ability to use own initiative to complete tasks and deadlines
- Proactively and flexibly provides support, assistance to other members of the team
- Liaises with a variety of stakeholders to disseminate information and build relations to support to the work of the project
- Review progress continually to improve efficiency and to inform further planning
- Ability to support with organisation and running of events and activities
- Ability to communicate with a wide range of stakeholders including students and external suppliers
- Ability to write fluently and creatively to a specification, and to edit and suggest additions to others’ writing
- Proficiency in working with standard office IT applications (Microsoft Word, Excel, Powerpoint) as well as the ability to learn how to access and interrogate in-house systems
- Education equivalent to 5 passes at GCSE grades A-C, or NVQ level 2, or equivalent experience, showing clear evidence of literacy and numeracy
- Education equivalent to 2 A Level, or GNVQ Level 3 or equivalent experience, showing clear evidence of literacy and numeracy
- Previous experience of providing customer service in an efficient manner
- Experience of prioritising work load to meet deadlines
- The ability to work evenings and/or weekends if required
Desired
- Knowledge of the project and how it operates, including experience engaging with the offer
- Familiarity with a range of social media platforms and their effective operation
- Previous experience in an administrative role that has involved engagement with a variety of stakeholders
On my cover letter and CV, I tried to give examples of how I met almost all of the criteria, which I found quite difficult to do whilst keeping it concise/avoiding being too wordy. Especially as a few of my examples are more anecdotal than quantifiable. It's difficult for me personally to get quantifiable examples for some of them due to the nature of my disability, especially teamwork/communication/customer service, so I tried to work with what I had. I'm attaching my cover letter and CV. Any advice or suggestions would be much appreciated!
submitted by Key_Regret8957 to jobs
2024.05.15 15:58 Plastic_Dog_7855 Hire me to do your data-related tasks
Hello, IT major here. I am looking for online work/gigs <3
So I can do academic commissions, writing services, and technical support but hoping to have a job related to working with data, it is what I am passionate about. I am continuously leveraging my skills and learning to use various tools in order to be proactive. Also maximizes resources online. Hire me so I could practically apply the skills I've acquired so far. I have a keen attention to detail and am resourceful. If any of you have tasks that match the description below, I hope you consider me :)
- Administrative work [data entry, maintaining record and databases, email handling tasks]
- Use of Python for data analysis, exploration, cleaning, preprocessing, and visualization tasks
- Microsoft Excel
- SQLite [querying databases and performing data manipulation tasks]
- Academic works and writing services
I have knowledge and have coded in C before, which helps me level up in a higher-level language Python and it also built up my foundation in programming. Still have a lot to learn though, so aside from my college education, I also learn and upskill with the help of online resources. Currently, I'm on my journey to finish two online courses.
In terms of my data analysis skills, I'm not highly advanced. However, with the right tools, continuous learning, and my drive, I am confident that I can accomplish the tasks given to me.
submitted by Plastic_Dog_7855 to ForHireFreelance
2024.05.15 15:58 laaarmusic Need help modifying m4l device to work with Live 12 and Push 2
Hello Hello, using Live 12 with Push 2,
My original post was:
In session mode, is there a way to disable the functionality of Note mode + Arrows? Which triggers clips/scenes when scrolling up/down? I would like to use the arrows just for navigation within the session
Found this device in the m4l website but it's broken
https://maxforlive.com/library/device/1905/safe-push-performance
Someone commented that there's an easy fix:
"seems like the route int will prevent a bang to the rest of the device and to propagate the id for your push (at least on live 11 with push2) - since usually your device id is 0 but that's not an int. Just edit the device and fix that up and it's all good"
but with no experience in building devices I'm kinda clueless.. can someone assist or offer alternative solution?
Thanks
submitted by laaarmusic to ableton
2024.05.15 15:56 juopitz Understanding classification evaluation and its metrics: From bias and prevalence to metrics like Accuracy, Macro F1, MCC
Hi all!
a topic that time and time again pops up in my work (when doing own research, reading papers, and while teaching):
Which classification evaluation metric to pick? Or:
Why does paper use metric x for evaluation (but not y)? And other questions of the sorts.
So over the years I kept making some notes, and now I've finalized a write-up. I thought maybe it's interesting for some of you and why not share it:
https://arxiv.org/abs/2404.16958
Here's the abstract:
Classification systems are evaluated in a countless number of papers. However, we find that evaluation practice is often nebulous. Frequently, metrics are selected without arguments, and blurry terminology invites misconceptions. For instance, many works use so-called 'macro' metrics to rank systems (e.g., 'macro F1') but do not clearly specify what they would expect from such a 'macro' metric. This is problematic, since picking a metric can affect paper findings as well as shared task rankings, and thus any clarity in the process should be maximized. Starting from the intuitive concepts of bias and prevalence, we perform an analysis of common evaluation metrics, considering expectations as found expressed in papers. Equipped with a thorough understanding of the metrics, we survey metric selection in recent shared tasks of Natural Language Processing. The results show that metric choices are often not supported with convincing arguments, an issue that can make any ranking seem arbitrary. This work aims at providing overview and guidance for more informed and transparent metric selection, fostering meaningful evaluation.
Some key observations are:
- Frequently, it's not fully clear why a specific metric is used in a case.
- It's also often not really clear what "meta-metric" properties are implied by terms like “macro” in a “macro metric”. However, one wish that repeatedly occurs is that a metric should induce some sort of “balance”.
To clarify points like these, we analyze some popular metrics and their properties. Some insights are:
- Many metrics can be written more simply in terms of classifier bias and class prevalence.
- There’s two metrics called Macro F1 (!). And they measure quite differently. On the other hand, Kappa and MCC (Matthews Correlation Coefficient) are a bit like birds of the same feather.
- Macro Recall has an intuitive interpretation: It’s a series of bets with fair odds. And it's the only metric that's completely invariant to changes in class prevalence (just in case we might wish for this).
In the end, if there's only one conclusion to be drawn, then I guess it's that there's no overall perfect metric, and metrics should always be chosen sensibly given a specific context. Hope my work can help a bit with that.
submitted by juopitz to learnmachinelearning
2024.05.15 15:56 FaizS86 Unlocking Tomorrow's Potential: Exploring the Exciting World of Future Tech
Hey Redditors,
The future is closer than we think, and with it comes a wave of groundbreaking technologies poised to revolutionize the way we live, work, and interact with the world around us. From artificial intelligence to quantum computing, futuristic innovations are capturing imaginations and driving discussions worldwide.
Here's a glimpse into some of the future tech trends that are trending right now:
- Artificial Intelligence (AI) Advancements: AI continues to push the boundaries of what's possible, with applications ranging from autonomous vehicles and virtual assistants to predictive analytics and personalized healthcare. As AI algorithms become more sophisticated and capable, they're reshaping industries, enhancing productivity, and unlocking new opportunities for innovation.
- Quantum Computing Breakthroughs: Quantum computing promises to revolutionize computing power by leveraging the principles of quantum mechanics to perform complex calculations at speeds unimaginable with classical computers. While still in its early stages, advancements in quantum computing hold the potential to solve previously unsolvable problems in fields such as cryptography, materials science, and drug discovery.
- Space Exploration and Commercialization: The space industry is undergoing a renaissance, driven by the rise of private space companies and ambitious government-led missions. From space tourism and satellite internet constellations to lunar exploration and Mars colonization, humanity's reach beyond Earth is expanding, fueled by technological advancements and entrepreneurial vision.
- Biotechnology and Genetic Engineering: Advances in biotechnology and genetic engineering are transforming healthcare, agriculture, and environmental sustainability. CRISPR gene editing technology, for example, holds the promise of curing genetic diseases, improving crop yields, and mitigating the effects of climate change by engineering resilient organisms.
- Augmented Reality (AR) and Virtual Reality (VR): AR and VR technologies are blurring the lines between the physical and digital worlds, enabling immersive experiences in gaming, entertainment, education, and beyond. As hardware becomes more affordable and content becomes more sophisticated, AR and VR are poised to become mainstream platforms for communication, collaboration, and creativity.
- Clean Energy Innovations: The transition to clean energy sources is accelerating, driven by advancements in renewable energy technologies such as solar, wind, and energy storage. From grid-scale batteries to hydrogen fuel cells, innovative solutions are emerging to address climate change and create a more sustainable future.
As we look ahead to the future, it's essential to consider the opportunities and challenges posed by these transformative technologies. Ethical considerations, regulatory frameworks, and societal implications must be carefully navigated to ensure that future tech serves the collective good and fosters a more inclusive and equitable world.
What future tech trends are you most excited about? Share your thoughts, predictions, and aspirations in the comments below. Let's explore the possibilities and shape a future that inspires and empowers us all! 🚀✨
submitted by FaizS86 to u/FaizS86
2024.05.15 15:53 Flat_Cress_9209 Task Manager is unresponsive on certain machines.
We are implementing MeshCentral on our clients, and I noticed that on some clients using MeshCentral Assistant I cannot use the task manager. When opening it, I lose the power to perform any other action until the user I am logged in finishes the window. Because this only occurs at some stations, we believe it is some local configuration or group policy, but regardless of what it is, we need to resolve it, because this limitation would greatly delay our services.
submitted by Flat_Cress_9209 to MeshCentral
2024.05.15 15:53 Plastic_Dog_7855 [for hire] I will do your data-related tasks
Hello, IT major here. I am looking for online work/gigs <3
So I can do academic commissions, writing services, and technical support but hoping to have a job related to working with data, it is what I am passionate about. I am continuously leveraging my skills and learning to use various tools in order to be proactive. Also maximizes resources online. Hire me so I could practically apply the skills I've acquired so far. I have a keen attention to detail and am resourceful. If any of you have tasks that match the description below, I hope you consider me :)
- Administrative work [data entry, maintaining record and databases, email handling tasks]
- Use of Python for data analysis, exploration, cleaning, preprocessing, and visualization tasks
- Microsoft Excel
- SQLite [querying databases and performing data manipulation tasks]
- Academic works and writing services
I have knowledge and have coded in C before, which helps me level up in a higher-level language Python and it also built up my foundation in programming. Still have a lot to learn though, so aside from my college education, I also learn and upskill with the help of online resources. Currently, I'm on my journey to finish two online courses.
In terms of my data analysis skills, I'm not highly advanced. However, with the right tools, continuous learning, and my drive, I am confident that I can accomplish the tasks given to me.
submitted by Plastic_Dog_7855 to hiring
2024.05.15 15:49 SE_Ranking SEO News: Spam update, Google I/O, GPT-4o, Apple is considering a partnership with OpenAI
Updates
The anticipated second wave of the spam update has begun
But it’s a bit of a Schrödinger’s cat situation—it has and hasn’t started at the same time. Google is deliberately not rushing to notify us about anything, even though sites have already started getting penalized.
When asked why the update hasn't been announced on the dashboard, Sullivan replied that only manual actions are currently being issued, while the algorithmic part hasn't begun yet.
On the bright side, there are already cases where manual penalties have been successfully removed from sites, leading to their search visibility being restored.
To recap, this “part” of the Spam Update concerns the Site reputation abuse policy, which Google announced in March along with Scaled content abuse and Expired domain abuse. Another point that must be mentioned is that Google has recently emphasized that Site reputation abuse isn't about linking; it’s about using another domain's reputation for your own benefit.
Sources:
- Google Search Central
- Search Engine Roundtable
Interface
Product review summary labels
Brief highlights of product features on review cards. Google is now showing these short summaries of reviews by placing a label over the review with one or a few words. So the labels might show "low quality," "compact," "lightweight," "performs well" and so on.
(to come) Number of shoppers next to site
Google plans to display the number of recent shoppers on your site in its search results. We’re talking about labels like "1K shopped here recently," data on which will be pulled from your Merchant Center.
The idea is to "build shopper confidence in your business."
However, many users are unhappy with their sales stats becoming publicly available even in this format. For such users, Google provides an option to opt out. But keep in mind that even then, Google will continue to use your data "to power various annotations and features that benefit your performance."
Source:
Local SEO
(test) Only local listing for ‘near me’ queries
In an experiment, Google is showing only GBP listings for “X near me” queries. Not a single traditional snippet leading to websites.
Source:
Tidbits
1) Yesterday’s Google I/O presentation
The search giant has announced their new developments related to AI.
Here’s what stood out: SGE is finally going live this week under the name AI Overviews. For the time being, it will only be available to users in the US “with more countries coming soon”.
Danny Sullivan claims that the feature has almost fully been rolled out. He also mentioned that people use search more when this feature is available, and are ultimately more satisfied with the results. And all of this comes despite SGE’s earlier advice suggesting that users drink urine to treat kidney stones.
Oh, well..)
A number of other new features were announced, which will be available only for the US market in English through Search Labs:
- Ask complex questions that require multi-step planning.
- Interrupt answer generation to refine or modify your query.
- Plan ahead, like meal plans for three days.
- For broad queries, AI will group results into subcategories (see example for clarity).
- Google Lens will now work not only with photos but also with live videos—you can film something and ask questions about what's in the frame.
We must mention that OpenAI’s CEO Sam Altman decided to steal some of Google’s thunder by releasing a new product that “feels like magic” just a day before the search colossus’s I/O.
Everyone speculated about what it might be—a search engine, a voice assistant... Altman said that the team has been working extra hard on the update, and it turned out to be quite the gem.
2) The super product turned out to be GPT-4o
What makes GPT-4o so gosh darn fantastic?
The big news is that the team over at OpenAI has improved its multimodal voice assistant. Now it clearly understands text, photos, and videos.
Moreover, you can talk to the model in real-time, get it to translate conversations, understand and explain code, share your camera and ask questions about what’s in the view. To boot, I was just blown away by its ability to sing, tell stories with intonation, and keep a conversation going even if I occasionally interrupt it.
The best part? Chat mode will be free for everyone!
Plus, the API will be available at half the cost of Turbo, with five times the usage limits and twice the speed. We'll start getting access to this amazing tool in the coming weeks.
They also hinted at real-time search features, but this wasn't included in the final demo.
3) By the way, Apple is considering a partnership with OpenAI
Their goal is to make ChatGPT available on iPhones, starting with iOS 18, which will open up a whole range of AI-powered possibilities for Apple smartphone device owners.
For context, there have already been discussions that Siri “doesn't measure up” by modern standards and needs a “brain transplant.”
Sources:
- OpenAI
- Bloomberg
- The New York Times
submitted by SE_Ranking to SEO
2024.05.15 15:46 itsjordanmbaby [For Hire] Dynamic duo of VAs, writers and more seeking new clients at reasonable rates!
Looking for someone to alleviate your overloaded to do list? Or to handle some simple tasks to make your life easier? Do you need articles written or projects finalized? Well, look no further! Our duo with about 15 years’ experience in several fields can handle most, if not all tasks given to us!
SERVICES OFFERED
We offer services including: writing, editing, and content management - our team can write most types of content, fiction and nonfiction, SFW and NSFW, we edit/PR, and have been conscripted to write poetry/prose.
Here are some samples:
https://cuddl.com/babies/what-should-my-baby-eat-age-by-age-guide-to-feeding-your-baby/
https://faitaveccoeur.com/blogs/fait-avec-coeur-blog/recycling-isn-t-the-solution-to-our-waste-problem
https://faitaveccoeur.com/blogs/fait-avec-coeur-blog/plastic-usage-in-the-skincare-and-beauty-industry-all-you-need-to-know-for-sustainable-living
https://flewidfriendly.com/canada-plastic-ban-edible-straws/
https://jordanwrites6.wordpress.com/
VIRTUAL ASSISTANT/SOCIAL MEDIA MANAGEMENT
Along with our writing skills, we as a team can also handle the tasks of any virtual assistant including: message transcription, chat support, customer service, schedule organization, decluttering/de stressing support and guidance, social media management, audio and video recording, photo editing and many other tasks.
If you don't see it in the list above feel free to send a message and ask. We are also adept in all Microsoft Office programs and their Google counterparts, Photoshop, and similar.
Alongside the services offered I personally offer peer counseling services and a few limited mental health services. I have a background in clinical psych and have worked in the field going on 3 years now. My services come at very competitive rates and can help with many existential or mild issues in your day to day life which can even include helping you find a professional in your area if the problem is more severe. I can make calls, help schedule and do pretty much everything besides physically getting you to your appointment with a professional.
I also offer some tutoring, language coaching, voice acting and several other miscellaneous services that come from years of various odd jobs, hobbies, and other experience that make me a very broadly skilled person who knows a little bit of everything!
RATES AND PAYMENT Writing work - 7-10 cents/word depending on content. Extra for revisions.
VA/other work - $12-20/hour depending on the task, however there may be some tasks where a flat rate may be more suitable.
Some rates are subject to change/negotiation, so if you want a service done for cheaper than I have listed, feel free to send a message with the details and we'll consider it.
Payment is acceptable in multiple ways but PayPal and direct bank transfers are preferred. We do not accept payment in crypto. Also, I'll need at least some payment upfront.
CONTACT ME If any of the services listed have piqued your interest, send a DM and we can further connect on Discord, Skype, WhatsApp, Telegram etc. I use a variety of apps for communication, and am happy to comply with your needs.
submitted by itsjordanmbaby to jobbit
2024.05.15 15:40 Plastic_Dog_7855 Hire me to do your data-related tasks
Hello, IT major here. I am looking for online work/gigs <3
So I can do academic commissions, writing services, and technical support, but I am hoping to have a job related to working with data; it is what I am passionate about. I am continuously leveraging my skills and learning to use various tools in order to be proactive. I also maximize online resources. I hope I can get even a small gig so I could practically apply the skills I've acquired so far. If any of you have tasks that match the description below, I hope you consider me :)
- Administrative work [data entry, maintaining record and databases, email handling tasks]
- Use of Python for data analysis, exploration, cleaning, preprocessing, and visualization tasks
- Microsoft Excel
- SQLite [querying databases and performing data manipulation tasks]
- Academic works and writing services
- or anything online >_<
I have knowledge of and have coded in C before, which helps me level up in a higher-level language, Python, and it also built up my foundation in programming. I still have a lot to learn though, so aside from my college education, I also learn and upskill with the help of online resources. Currently, I'm on my journey to finish two online courses.
In terms of my data analysis skills, I'm really not that advanced, but with the right tools, continuous learning, and my drive, I can accomplish the tasks you would have me do, if ever.
submitted by Plastic_Dog_7855 to PHJobs
2024.05.15 15:40 aicyberwatchindia Strengthening Cyber Defenses: The Importance of Social Engineering Assessment
In today's digital age, where businesses rely heavily on technology, cybersecurity has become paramount. With the rise of sophisticated cyber threats, it's no longer enough to merely install antivirus software or set up a firewall. Companies need comprehensive cybersecurity strategies that encompass various aspects of protection, including social engineering assessment.
At Ai Cyber Watch, we understand the critical role of social engineering assessment in safeguarding businesses against cyber threats. Leveraging advanced techniques and technologies, we provide top-notch cyber security services in India, helping businesses stay one step ahead of potential attackers.
Understanding Social Engineering: Social engineering is a tactic used by cybercriminals to manipulate individuals into divulging confidential information or performing actions that compromise security. This could include tricking employees into clicking on malicious links, sharing passwords, or granting unauthorized access to sensitive data.
The Importance of Social Engineering Assessment: Despite advancements in cybersecurity measures, social engineering remains one of the most effective ways for attackers to breach an organization's defenses. Conducting regular social engineering assessments is crucial for several reasons:
Identifying Vulnerabilities: Through simulated social engineering attacks, organizations can identify weaknesses in their security protocols and employee awareness. This allows them to take proactive measures to strengthen their defenses.
Employee Awareness: Social engineering assessments raise awareness among employees about the various tactics used by cybercriminals. By educating staff on how to recognize and respond to phishing emails, suspicious phone calls, or other forms of social engineering, companies can empower their workforce to become the first line of defense against such threats.
Compliance Requirements: Many industries have compliance regulations that mandate regular security assessments, including social engineering testing. Failure to comply with these regulations can result in hefty fines and damage to the company's reputation.
Protecting Reputation: A successful social engineering attack can not only lead to financial losses but also damage the reputation of the targeted organization. By conducting assessments and implementing necessary security measures, companies can mitigate the risk of falling victim to such attacks and maintain the trust of their customers and stakeholders.
Our Cyber Security Services in India: At Ai Cyber Watch, we offer a comprehensive range of cyber security services tailored to the specific needs of businesses in India. Our services include:
Social Engineering Assessment: We conduct simulated attacks to identify vulnerabilities in your organization's security posture and provide recommendations for improvement.
Penetration Testing: Our team of experts performs thorough penetration tests to identify weaknesses in your network, applications, and systems, helping you proactively address potential security risks.
Security Awareness Training: We offer customized training programs to educate your employees about the latest cyber threats and best practices for mitigating them, including how to recognize and respond to social engineering attacks.
Incident Response: In the event of a security breach, our incident response team is ready to assist you with swift and effective resolution, minimizing the impact on your business operations.
Conclusion In today's cyber landscape, no organization is immune to the threat of social engineering attacks. By partnering with Ai Cyber Watch and availing of our cyber security services in India, you can fortify your defenses against these insidious threats. Don't wait until it's too late – take proactive steps to protect your business and safeguard your sensitive data.
For more information on how Ai Cyber Watch can help secure your business, contact us today.
submitted by aicyberwatchindia to u/aicyberwatchindia
2024.05.15 15:35 UKNerfWar Nightingale 2.0 Review
Performance on 3S
NG2.0 - 123fps
NG1.0 - 120fps
Rate of fire basically the same.
Volume - 98dBA @30cm for both.
Performance on 4S
NG2.0 - 118fps
Rate of fire - hilarious
Volume - 101dBA (much louder)
Admittedly, my chronograph testing was based on a very small sample (15 darts) but it was fairly consistent, which suggests to me that it is representative. I will most definitely be doing a bigger sample of chrono testing, but with the full auto version, it's difficult to let off one dart at a time. I ended up having a pile of mags beside me with one dart in each.
I'm disappointed to see that the 2.0 is basically the same as the original. 4S performance was really poor. I'm guessing that the flywheels are just spinning too fast to efficiently transfer the energy to the darts. We've seen this many times before in the community so it's disappointing to see it happening at this level.
The battery compartment is much larger. I managed to squeeze a 1000mAh 3S pack in there with ease. If you're using the Nightingale as a primary and you don't want to carry spare packs, that might be of benefit to you.
The NG2.0 is also 170g heavier than its predecessor, which is considerable. Most of that is going to be the metal parts that are included (rails, sling point, muzzle, maxwell), but with the battery as well, there is a huge imbalance in the blaster which makes it much less comfortable to use.
Internals are essentially the same. We already knew about the 132 motors in the NG2.0 but I was hopeful there would be other notable improvements. I'm disappointed to see that the on/off switch at the back is still the same type. This was a common failure mode of the original Nightingale since the tiny switch has to take all the current drawn by the motors. With bigger motors and more current, I think we're going to see more failures here.
The magazines are exactly the same but the new bumper is pretty cool. Made of some soft polymer, it will certainly stop the bottom flying off your mags when you drop them. One thing I did notice is the size of the bumper does cause issues in some tac gear. I cannot stack the mags as densely in my rig with these bumpers on.
I think that's about everything. Bear in mind that the Nightingale 2.0 is going to be at least 30% more expensive than the original, and all you seem to get for that is some metal and a larger battery compartment. I can't help but feel disappointed by this blaster, which is really unfortunate. Sure it looks a bit better, but I'm afraid the benefits end about there.
submitted by UKNerfWar to Nerf
2024.05.15 15:29 Tycho_Jissard MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution - PATCH: NOW
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER: 2024-056
DATE(S) ISSUED: 05/14/2024
SUBJECT: Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution.
- Mozilla Firefox is a web browser used to access the Internet.
- Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
- Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLIGENCE: There are no reports that these vulnerabilities are being exploited in the wild.
SYSTEMS AFFECTED:
- Firefox ESR versions prior to 115.11
- Thunderbird versions prior to 115.11
- Firefox versions prior to 126
RISK:
Government:
- Large and medium government entities: High
- Small government entities: High
Businesses:
- Large and medium business entities: High
- Small business entities: High
Home users: Low
TECHNICAL SUMMARY: Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Details of the most critical vulnerabilities are as follows:
Tactic: Initial Access (TA0001):
Technique: Drive-by Compromise (T1189):
- Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. (CVE-2024-4764)
- A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. (CVE-2024-4367)
- Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. (CVE-2024-4765)
- Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. (CVE-2024-4766)
- If the browser.privatebrowsing.autostart preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox and Thunderbird. (CVE-2024-4767)
- A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. (CVE-2024-4768)
- When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. (CVE-2024-4769)
- When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. (CVE-2024-4770)
- A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. (CVE-2024-4771)
- Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2024-4777)
Additional lower severity vulnerabilities include:
- An HTTP digest authentication nonce value was generated using rand() which could lead to predictable values. (CVE-2024-4772)
- When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. (CVE-2024-4773)
- The ShmemCharMapHashEntry() code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. (CVE-2024-4774)
- An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. (CVE-2024-4775)
- A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. (CVE-2024-4776)
- Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2024-4778)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMMENDATIONS: We recommend the following actions be taken:
- Apply the stable channel update provided by Mozilla to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.5 : Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
- Block execution of code on a system through application control, and/or script blocking. (M1038: Execution Prevention)
- Safeguard 2.5 : Allowlist Authorized Software: Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.
- Safeguard 2.6 : Allowlist Authorized Libraries: Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files, are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.
- Safeguard 2.7 : Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.
- Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040: Behavior Prevention on Endpoint)
- Safeguard 13.2 : Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7 : Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
REFERENCES:
Mozilla:
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4772
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4778
submitted by Tycho_Jissard to k12cybersecurity
2024.05.15 15:29 Tycho_Jissard MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Siemens Ruggedcom Crossbow Could Allow for Arbitrary Code Execution - PATCH NOW
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER: 2024-055
DATE(S) ISSUED: 05/14/2024
SUBJECT: Multiple Vulnerabilities in Siemens Ruggedcom Crossbow Could Allow for Arbitrary Code Execution
OVERVIEW: Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Siemens Ruggedcom Crossbow is an Access Management solution designed to provide cybersecurity compliance for industrial control systems. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLIGENCE: There are no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
- Ruggedcom Crossbow prior to Version 5.5
RISK:
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home users: Low
TECHNICAL SUMMARY: Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
Tactic: Initial Access (TA0001):
- The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. (CVE-2024-27939)
- The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database. (CVE-2024-27940)
- The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database. (CVE-2024-27941)
- The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation. (CVE-2024-27942)
- The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. (CVE-2024-27943)
- The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. (CVE-2024-27944)
- The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution. (CVE-2024-27945)
- Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. (CVE-2024-27946)
- The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. (CVE-2024-27947)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMMENDATIONS: We recommend the following actions be taken:
- Apply appropriate updates provided by Siemens to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients: Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
REFERENCES:
submitted by Tycho_Jissard to k12cybersecurity
2024.05.15 15:28 Tycho_Jissard MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution - PATCH NOW
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER: 2024-054
DATE(S) ISSUED: 05/14/2024
SUBJECT: Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
OVERVIEW: Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
- Adobe Acrobat is a family of application software and Web services used to view, create, manipulate, print and manage Portable Document Format (PDF) files.
- Adobe Substance3D Painter is a 3D painting software that allows users to texture and add materials directly to 3D meshes in real-time.
- Adobe Substance3D Designer is a 3D design software that generates textures from procedural patterns inside node-based graphs.
- Adobe Aero is a cross-platform solution that enables creatives with no coding and minimal 3D experience to design, share, and view interactive augmented reality experiences.
- Adobe FrameMaker lets you create structured or template-based documents, review and collaborate with multiple content management systems and publish to a multitude of devices.
- Adobe Dreamweaver is a proprietary web development tool.
- Adobe Illustrator is a vector graphics editor and design software.
- Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
- Adobe Acrobat DC 24.002.20736 and earlier versions on Windows and macOS.
- Adobe Acrobat Reader DC 24.002.20736 and earlier versions on Windows and macOS.
- Adobe Acrobat 2020 20.005.30574 and earlier versions on Windows and macOS.
- Adobe Acrobat Reader 2020 20.005.30574 and earlier versions on Windows and macOS.
- Adobe Substance 3D Painter 9.1.2 and earlier versions.
- Adobe Substance 3D Designer 13.1.1 and earlier versions.
- Adobe Aero 0.23.4 and earlier versions on Windows and macOS.
- Adobe FrameMaker 2020 Release Update 5 and earlier on Windows.
- Adobe FrameMaker 2022 Release Update 3 and earlier on Windows.
- Adobe Dreamweaver 21.3 and earlier versions on Windows and macOS.
- Adobe Illustrator 2024 28.4 and earlier versions on Windows and macOS.
- Adobe Illustrator 2023 27.9.3 and earlier versions on Windows and macOS.
- Adobe Animate 2023 23.0.5 and earlier versions on Windows and macOS.
- Adobe Animate 2024 24.0.2 and earlier versions on Windows and macOS.
RISK:
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home users: Low
TECHNICAL SUMMARY: Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
Tactic: Execution (TA0002)
Technique: Exploitation for Client Execution (T1203):
Adobe Acrobat:
- Use After Free. (CVE-2024-30284, CVE-2024-34094, CVE-2024-34095, CVE-2024-34096, CVE-2024-34097, CVE-2024-34100)
- Out-of-bounds Write. (CVE-2024-30310)
- Out-of-bounds Read. (CVE-2024-30311, CVE-2024-30312, CVE-2024-34101)
- Improper Input Validation. (CVE-2024-34098)
- Improper Access Control. (CVE-2024-34099)
Adobe Substance 3D Painter:
- Out-of-bounds Read. (CVE-2024-30308, CVE-2024-30309)
- Out-of-bounds Write. (CVE-2024-30274, CVE-2024-30307)
Adobe Substance 3D Designer:
- Out-of-bounds Read. (CVE-2024-30281)
Adobe Aero:
- Use After Free. (CVE-2024-30275)
Adobe FrameMaker:
- Heap-based Buffer Overflow. (CVE-2024-30288)
- Out-of-bounds Write. (CVE-2024-30291, CVE-2024-30290, CVE-2024-30292)
- Buffer Overflow. (CVE-2024-30289)
- Out-of-bounds Read. (CVE-2024-30287, CVE-2024-30286, CVE-2024-30283)
Adobe Dreamweaver:
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). (CVE-2024-30314)
Adobe Illustrator:
- Out-of-bounds Write. (CVE-2024-20791)
- Out-of-bounds Read. (CVE-2024-20793)
- Use After Free. (CVE-2024-20792)
Adobe Animate:
- Out-of-bounds Write. (CVE-2024-30282, CVE-2024-30296, CVE-2024-30297)
- Stack-based Buffer Overflow. (CVE-2024-30293)
- Heap-based Buffer Overflow. (CVE-2024-30294)
- NULL Pointer Dereference. (CVE-2024-30295)
- Out-of-bounds Read. (CVE-2024-30298)
RECOMMENDATIONS: We recommend the following actions be taken:
- Apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.2: Establish and Maintain a Remediation Process: Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
- Safeguard 7.6: Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets: Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
- Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 16.13: Conduct Application Penetration Testing: Conduct application penetration testing. For critical applications, authenticated penetration testing is better suited to finding business logic vulnerabilities than code scanning and automated security testing. Penetration testing relies on the skill of the tester to manually manipulate an application as an authenticated and unauthenticated user.
- Safeguard 18.1: Establish and Maintain a Penetration Testing Program: Establish and maintain a penetration testing program appropriate to the size, complexity, and maturity of the enterprise. Penetration testing program characteristics include scope, such as network, web application, Application Programming Interface (API), hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements.
- Safeguard 18.2: Perform Periodic External Penetration Tests: Perform periodic external penetration tests based on program requirements, no less than annually. External penetration testing must include enterprise and environmental reconnaissance to detect exploitable information. Penetration testing requires specialized skills and experience and must be conducted through a qualified party. The testing may be clear box or opaque box.
- Safeguard 18.3: Remediate Penetration Test Findings: Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 2.3: Address Unauthorized Software: Ensure that unauthorized software is either removed from use on enterprise assets or receives a documented exception. Review monthly, or more frequently.
- Safeguard 2.7: Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Block execution of code on a system through application control, and/or script blocking. (M1038: Execution Prevention)
- Safeguard 2.5: Allowlist Authorized Software: Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.
- Safeguard 2.6: Allowlist Authorized Libraries: Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files, are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.
- Safeguard 2.7: Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.
- Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040: Behavior Prevention on Endpoint)
- Safeguard 13.2: Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7: Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
REFERENCES:
submitted by Tycho_Jissard to k12cybersecurity
2024.05.15 15:28 Pretty_Exercise_8408 Grab Effortless Success with Dell EMC D-DP-DS-23 Dumps
An online practice exam along with actual exam questions that are in PDF format and desktop test software are all available from us. Our Dell EMC D-DP-DS-23 dumps materials include everything you require to prepare for the real test for your certificate in just a short time. Our D-DP-DS-23 exam dumps were created by Dell EMC experts who are certified. Therefore, you'll be able to receive all of the assistance you require to clear the D-DP-DS-23 exam.
Valid D-DP-DS-23 Exam Dumps
Experienced in a real-world exam can benefit ease exam anxiety. You can self-evaluate and overcome weaknesses in preparation for the test with this practice test. Desktop Dell Data Protection Design 2023 practice exam software from our dumps needs to be installed on Windows computers. Our web-based Dell EMC D-DP-DS-23 exam dumps does not require installation of any plugins or programs. The web-based exam practice exam is accessible to users on Windows, Mac, Linux, iOS, and Android. Additionally, the practice exam software for the Dell Data Protection Design 2023 is compatible with Chrome, Firefox, Safari, Internet Explorer, and Microsoft Edge. You can study for the certification Exam while on the go with the help of these PDF dumps for the Implementation Engineer test. To prepare quickly for the test it is useful to study the exact Dell EMC D-DP-DS-23 questions.
Authentic Dell EMC D-DP-DS-23 Dumps
We give updates for our dumps Dell EMC D-DP-DS-23 dumps for free for up to three months. If you fail to pass our dumps come with the promise of a 100% refund. If you don't succeed in passing the Dell Data Protection Design 2023 exam after with our actual dumps you can claim the full amount back. You'll receive a full refund in accordance with the terms. Download a free demo of our Implementation Engineer exam product if you still have questions about it. If you're looking for reliable exam dumps to help you prepare for the Implementation Engineer exam, it's important to choose the right source.
D-DP-DS-23 Dumps By Experts
Our dumps include a variety of D-DP-DS-23 questions that you can use to boost your preparation for the Dell EMC D-DP-DS-23 exam [2024]. If you want to improve your level of preparation, you should choose Implementation Engineer dumps [2024] to learn about the most recent exam questions. These questions will benefit you to pass the exam on the first try at a breeze and in comfort. You're talking about D-DP-DS-23 exam questions in PDF format that you can download to practice for your Dell EMC D-DP-DS-23 dumps from any locations.
Updated D-DP-DS-23 Exam Questions and Answers
If you want to pass the Implementation Engineer exam, D-DP-DS-23 exam questions from our dumps can help you prepare for the actual exam. Do your best to become the perfect version of yourself. The Dell EMC D-DP-DS-23 exam dumps are prepared by our entire dumps competent team taking into consideration all of the latest updates. Candidates can find the most effective way to get the most current Dell EMC D-DP-DS-23 dumps study materials through our dumps in the form of D-DP-DS-23 test questions.
Success Guarantee D-DP-DS-23 Dumps
We provide our customers a satisfaction guarantee and with our pdf dumps will not be a problem for you. D-DP-DS-23 pdf questions brain dumps that are comparable to the actual exam questions are accessible to our customers for a period of three months at no cost in order to focus on providing them with the best features. By offering the latest Dell EMC D-DP-DS-23 dumps help in providing candidates who wish to succeed in the exam with all the benefits.
submitted by Pretty_Exercise_8408 to practicequestions
2024.05.15 15:26 BrilliantRoyal6445 Became a ghost writer for our top boss
My manager was very excited to have me on board, now I kind of understand why. We work in the office of the Chief Medical Officer, who is the head of 30+ health clinics in the country. Big deal.
But we are actually divided into different departments, our department's work is very specialized, the Chief has her own internal administrative team including an executive assistant. But you see, I'm drafting some of her emails. It's not the concept, she's unbelievably busy and needs help to take care of lower priority (yet still important) emails, I'm just surprised that it's coming down to me, a new hire and not even permanent, I am on a contract.
What foreshadowed this is my manager always compliments my 'perfect' English, occasionally sends me things to proofread. It's not an English-speaking country, I am fluent in both the native language and English. I get it, she recognizes that as an asset, I also get that as the only project coordinator in the department, getting loose ends sent my way comes with the territory. The work itself is a semi-breeze, I have a strong background in this sector and strong writing skills, I am just trying to work out whether the expectations on me are higher than others due to my language abilities and where this may start to affect my actual job description on paper. Since joining I've been given a few big tasks like creating a manual for the entire organization on a subject and my manager is pushing me to finish it, I look at an old file and figure out this has been on their to-do list for 5 years. Let's just say I am taking my sweet time.
Her and the chief had a fallout a few years ago, and now her sole mission is to regain her trust and eventually get promoted. Cool, that's most people's aim. This organization is full of power grabs, I'm sure my manager is not the worst of it.
Because of a bunch of work done by our department in the past 6 months (keeping in mind half are new hires), the chief started to trust our department more and defers more responsibility to us. My manager has been elated and feels she is on the best terms. Last week the chief sent her an urgent request which is slightly beyond our scope and my manager was away, she calls me frantically and asks me to do this request. I draft the emails and finish the report by the expected deadline. Then, all this week, the chief is asking my manager (which is me, de facto) to do similar things like draft emails and collect feedback. I took that as a job well done last week. No one knows I am doing this but my manager. See I kind of get where she's coming from, her English is not broken or anything it's just low vocabulary, I think she prefers the person with the strongest English to do these emails. It's an awkward position for everyone, she can't say no to the chief, and I am a coordinator so I am expected to do what's urgent in our department at the moment and pick up other tasks for later.
I do have a bit of imposter syndrome, and struggle to understand when I am selling myself short. My manager can be a sweet lady at times, I'm just taken aback by her competency given her position as I also proofread her emails, and I'm just starting to wonder if I should look elsewhere to flex my skills beyond being an email ghost writer.
What would you do in this situation?
submitted by BrilliantRoyal6445 to careeradvice