John Garrison on LinkedIn: Best Divorce Lawyers Bakersfield, CA Of 2024 https://ift.tt/KHm8IM7 You… (2024)

The Taxes That Come out of Your Paycheckhttps://ift.tt/l7CHp5rHave you ever looked at your paycheck and wondered where all your hard-earned money goes? If you are like most people, you’ve seen that your take-home pay is often significantly less than what you would expect, given your gross salary.That’s because several withholdings, including federal income tax, state income tax, Social Security tax, and Medicare tax, come from paychecks. It’s no wonder payroll deductions are confusing for many employees.Subscribe to Kiplinger’s Personal FinanceBe a smarter, better informed investor.Save up to 74%Sign up for Kiplinger’s Free E-NewslettersProfit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.Profit and prosper with the best of expert advice - straight to your e-mail. To continue reading this article please register for free This is different from signing in to your print subscription Why am I seeing this? Find out more here Financevia Kiplinger Personal Finance https://ift.tt/ABpDgHnJuly 7, 2024 at 04:38PM

The Taxes That Come out of Your Paycheckhttps://ift.tt/l7CHp5rHave you ever looked at your paycheck and wondered where all your hard-earned money goes? If you are like most people, you’ve seen that your take-home pay is often significantly less than what you would expect, given your gross salary.That’s because several withholdings, including federal income tax, state income tax, Social Security tax, and Medicare tax, come from paychecks. It’s no wonder payroll deductions are confusing for many employees.Subscribe to Kiplinger’s Personal FinanceBe a smarter, better informed investor.Save up to 74%Sign up for Kiplinger’s Free E-NewslettersProfit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.Profit and prosper with the best of expert advice - straight to your e-mail. To continue reading this article please register for free This is different from signing in to your print subscription Why am I seeing this? Find out more here Financevia Kiplinger RSS Feed https://ift.tt/ABpDgHnJuly 7, 2024 at 04:37PM

Passkeys Aren't Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Methodhttps://ift.tt/dw12jxHDespite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire's Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This issue stems not from the passkeys themselves but from their implementation and the need for account recovery options.Passkeys, a password-less authentication method, aim to provide secure access to online accounts like banking, e-commerce, and social media.However, an eSentire study found that poor implementation of passkeys, such as less secure backup authentication methods, allows AitM attacks to bypass this security.In these attacks, the adversary modifies the login prompts shown to users, controlling the authentication flow by altering the HTML, CSS, images, or JavaScript on the login page.This manipulation can make the passkey option disappear, tricking users into using less secure backup methods like passwords.Stewart's research demonstrated how open-source AitM software, like Evilginx, can deceive users of services like GitHub, Microsoft, and Google. By slightly modifying scripts (phishlets) that capture authentication tokens and session cookies from real login pages, attackers can make users believe they are on the genuine site.The attacker then captures the user's credentials and authentication tokens, allowing them to maintain access to the account.The study highlights that most passkey implementations are vulnerable to similar attacks. Backup methods such as passwords, security questions, SMS codes, and email verifications are prone to AitM attacks. Only methods like social trusted contacts recovery, KYC verification, and magic links offer better protection, though they can be cumbersome.To enhance security, Stewart recommends using multiple passkeys, including a FIDO2 hardware key, which is secured by a PIN. As passkey adoption grows, magic links remain a secure backup method for account recovery in case of passkey loss or AitM attacks. While passkeys offer a promising alternative to traditional passwords, their current implementation can leave accounts vulnerable. Users and developers must adopt stronger backup methods and remain vigilant against AitM attacks.Cybervia CySecurity News - Latest Information Security and Hacking Incidents https://ift.tt/cb9EgvhJuly 7, 2024 at 02:35PM

Hacker Breaches OpenAI, Steals Sensitive AI Tech Detailshttps://ift.tt/75lbpIwEarlier this year, a hacker successfully breached OpenAI's internal messaging systems, obtaining sensitive details about the company's AI technologies. The incident, initially kept under wraps by OpenAI, was not reported to authorities as it was not considered a threat to national security. The breach was revealed through sources cited by The New York Times, which highlighted that the hacker accessed discussions in an online forum used by OpenAI employees to discuss their latest technologies.The breach was disclosed to OpenAI employees during an April 2023 meeting at their San Francisco office, and the board of directors was also informed. According to sources, the hacker did not penetrate the systems where OpenAI develops and stores its artificial intelligence. Consequently, OpenAI executives decided against making the breach public, as no customer or partner information was compromised.Despite the decision to withhold the information from the public and authorities, the breach sparked concerns among some employees about the potential risks posed by foreign adversaries, particularly China, gaining access to AI technology that could threaten U.S. national security. The incident also brought to light internal disagreements over OpenAI's security measures and the broader implications of their AI technology.In the aftermath of the breach, Leopold Aschenbrenner, a technical program manager at OpenAI, sent a memo to the company's board of directors. In his memo, Aschenbrenner criticised OpenAI's security measures, arguing that the company was not doing enough to protect its secrets from foreign adversaries. He emphasised the need for stronger security to prevent the theft of crucial AI technologies.Aschenbrenner later claimed that he was dismissed from OpenAI in the spring for leaking information outside the company, which he argued was a politically motivated decision. He hinted at the breach during a recent podcast, but the specific details had not been previously reported.In response to Aschenbrenner's allegations, OpenAI spokeswoman Liz Bourgeois acknowledged his contributions and concerns but refuted his claims regarding the company's security practices. Bourgeois stated that OpenAI addressed the incident and shared the details with the board before Aschenbrenner joined the company. She emphasised that Aschenbrenner's separation from the company was unrelated to the concerns he raised about security.While the company deemed the incident not to be a national security threat, the internal debate it sparked highlights the ongoing challenges in safeguarding advanced technological developments from potential threats.Cybervia CySecurity News - Latest Information Security and Hacking Incidents https://ift.tt/cb9EgvhJuly 7, 2024 at 02:10PM

Preserving the Flame: Agile’s Journey Through Upheavalhttps://ift.tt/Ec1LqK2In this episode of Agile Uprising, Andy Cleff, Chris Murman, and Jay Hrcsko engage in a candid, unscripted discussion about the current state of the agile community.They explore the challenges and opportunities arising from the industry’s upheaval, emphasizing the need for a shift in narrative from doom and gloom to constructive optimism.The conversation touches on the importance of unity among practitioners, the role of agile in various sectors, and the future of agile coaching.With a mix of humor and deep insights, the hosts encourage listeners to focus on building a positive, resilient future for agile methodologies.About the Agile UprisingIf you enjoyed this episode, please give us a review, a rating, or leave comments on iTunes, Stitcher or your podcasting platform of choice. It really helps others find us.Much thanks to the artistKrebsfromMachine Man Recordswho provided us our outro music free-of-charge! If you like what you heard,checkouttheselinksto find more music you might enjoy!If you’d like to join the discussion and share your stories, please jump into the fray at ourDiscord Server!We at the Agile Uprising are committed to being totally free. However, if you’d like to contribute and help us defray hosting and production costs we do have a Patreon. Who knows, you might even get some surprises in the mail!Check out this Agile Uprising podcast episode!Agile-Scrum,project managementvia AgileUprising https://ift.tt/r7xKG1sJuly 7, 2024 at 12:06PM

Qilin Attack On London Hospitals Leaves Cancer Patient With No Optionhttps://ift.tt/CAxfyKpThe latest figures suggest that nearly 1,500 medical operations have been cancelled at some of London's leading hospitals in the four weeks following Qilin's ransomware attack on pathology services provider Synnovis. But perhaps no one was more severely impacted than Johanna Groothuizen. Hanna, as she goes by, is now without her right breast after having her skin-sparing mastectomy and immediate breast reconstruction surgery swapped with a simple mastectomy at the last minute.In late 2023, the 36-year-old research culture manager at King's College London—a former health sciences researcher—was diagnosed with HER2-positive breast cancer. It's an aggressive form that requires immediate medical attention as it spreads more quickly and recurs more often. After receiving her diagnosis, Hanna promptly began a course of chemotherapy until she was well enough to undergo what is hoped to be the first and only major surgery to cure the disease.She had been informed repeatedly between then and the operation, which was set for June 7—four days after the ransomware attack—that the planned procedure was a skin-sparing mastectomy, allowing surgeons to reconstruct her right breast cosmetically right away.How the ordeal unfolded, however, was an entire different story. Doctors gave Hanna less than 24 hours to make the difficult decision of accepting a simple mastectomy or postponing a life-changing treatment until Synnovis' systems were back up. The decision was thrust upon her on Thursday afternoon, prior to her Friday surgery.This came after she was compelled to track down the medical staff for updates on whether or not the procedure would even take place. Hanna was informed on Tuesday of that week, the day after Qilin's attack, that regardless of the situation, the staff at St Thomas' Hospital in London intended to proceed with the skin-sparing mastectomy as previously agreed.Hanna requested details on Thursday, and it was strongly suggested that the procedure would be cancelled. The hospital deemed the reconstruction part of the procedure too dangerous because Synnovis was unable to sustain blood transfusions until its systems were fully operational.The ransomware attack was difficult for hospitals to deal with. The situation was so serious that blood supplies were running low barely a week after the attack, prompting an urgent need for O-type blood donations. For Hanna, however, this meant having to make a difficult decision between the surgery she wanted and the surgery that would present her the best chance of survival. The mother with two young kids, aged four and two, felt she had no choice but to undergo a routine mastectomy, leaving her with only one breast.Qilin's attack on Synnovis, a pathology services partnership involving Synlab, Guy's and St Thomas' NHS Foundation Trust, and King's College Hospital NHS Foundation Trust, occurre...

The Decline of Serverless Computing: Lessons For Enterprises To Learnhttps://ift.tt/9Ksz85JIn the rapidly changing world of cloud technology, serverless computing, once hailed as a groundbreaking innovation, is now losing its relevance. When it first emerged over a decade ago, serverless computing promised to free developers from managing detailed compute and storage configurations by handling everything automatically at the time of execution. It seemed like a natural evolution from Platform-as-a-Service (PaaS) systems, which were already simplifying aspects of computing.Many industry experts and enthusiasts jumped on the serverless bandwagon, predicting it would revolutionize cloud computing. However, some seasoned professionals, wary of the hype, recognized that serverless would play a strategic role rather than be a game-changer. Today, serverless technology is increasingly overshadowed by newer trends and innovations in the cloud marketplace.Why Did Serverless Lose Its Shine?Initially praised for simplifying infrastructure management and scalability, serverless computing has been pushed to the periphery by the rise of other cloud paradigms, such as edge computing and microclouds. These new paradigms offer more tailored solutions that cater to specific business needs, moving away from the one-size-fits-all approach of serverless computing.One significant factor in the decline of serverless is the explosion of generative AI.Cloud providers are heavily investing in AI-driven solutions, which require specialized computing resources and substantial data management capabilities. Traditional serverless models often fall short in meeting these demands, leading companies to opt for more static and predictable solutions.The concept of ubiquitous computing, which involves embedding computation into everyday objects, further exemplifies this shift. This requires continuous, low-latency processing that traditional serverless frameworks might struggle to deliver consistently. As a result, serverless models are increasingly marginalized in favour of more integrated and pervasive computing environments.What Can Enterprises Learn?For enterprises, the fading prominence of serverless cloud technology signals a need to reassess their technology strategies. Organizations must embrace emerging paradigms like edge computing, microclouds, and AI-driven solutions to stay competitive.The rise of AI and ubiquitous computing necessitates specialized computing resources and innovative application designs.Businesses should focus on selecting the right technology stack to meet their specific needs rather than chasing the latest cloud hype. While serverless has played a role in cloud evolution, its impact is limited compared to the newer, more nuanced solutions now available.Cybervia CySecurity News - Latest Information Security and Hacking Incidents https://ift.tt/1fE0P8DJuly 7, 2024 at 10:02AM

Critical npm Account Takeover Vulnerability Sold on Dark Webhttps://ift.tt/VQoyYRvA cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub.Alderson1337 claims this exploit can enable attackers to hijack npm accounts linked to specific employees within organizations.The method involves embedding undetectable backdoors into npm packages used by these employees, potentially compromising numerous devices upon updates. This exploit could have widespread implications for organizational security.Instead of sharing a proof of concept (PoC) publicly, Alderson1337 has invited interested buyers to contact him privately, aiming to maintain the exploit’s confidentiality and exclusivity. If executed successfully, this npm exploit could inject backdoors into npm packages, leading to extensive device compromise.However, npm has not yet issued an official statement, leaving the claims unverified. The incident primarily impacts npm Inc., with npmjs.com being the related website. While the potential repercussions are global, the specific industry impact remains undefined.Account takeover (ATO) vulnerabilities represent severe risks where cybercriminals gain unauthorized access to online accounts by exploiting stolen credentials. These credentials are often obtained through social engineering, data breaches, or phishing attacks.Once acquired, attackers use automated bots to test these credentials across various platforms, including travel, retail, finance, eCommerce, and social media sites.Users’ reluctance to update passwords and reusing them across different platforms increase the risk of credential stuffing and brute force attacks. Such practices allow attackers to access accounts, potentially leading to identity theft, financial fraud, or misuse of personal information.To mitigate ATO attack risks, experts recommend adopting strong password management practices, including using unique, complex passwords for each account and enabling two-factor authentication (2FA) wherever possible. Regular monitoring for unauthorized account activities and promptly responding to suspicious login attempts are also crucial for maintaining account security.While Alderson1337’s claims await verification, this incident underscores the ongoing challenges posed by account takeover vulnerabilities in today’s interconnected digital landscape. Vigilance and collaboration across the cybersecurity community are essential to mitigating these threats and preserving the integrity of online platforms and services.Cybervia CySecurity News - Latest Information Security and Hacking Incidents https://ift.tt/1fE0P8DJuly 7, 2024 at 10:02AM

Why You Should Invest in Commoditieshttps://ift.tt/4ov7ix3Most investors have probably never fretted about how to add a nice stake in pork bellies or winter wheat to their portfolio. But many have lined up in Costco to buy a gold bar. All such investments are part of the broad asset class of commodities, along with crude oil, coffee, copper and more. Despite impressive run-ups in many commodities this year, some strategists say they’ve still got a long, upward run ahead of them and deserve a spot in your portfolio.That’s because commodity prices tend to ebb and flow in long cycles, largely governed by human nature, says John LaForge, head of real asset strategy at Wells Fargo Investment Institute. Commodity producers ramp up production when prices are rising, until eventually markets are saturated, or at least so well stocked that profits start to suffer. “It gets to a point where producers aren’t interested in planting an extra acre of corn or producing an extra barrel of oil,” says LaForge.Subscribe to Kiplinger’s Personal FinanceBe a smarter, better informed investor.Save up to 74%Sign up for Kiplinger’s Free E-NewslettersProfit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.Profit and prosper with the best of expert advice - straight to your e-mail. To continue reading this article please register for free This is different from signing in to your print subscription Why am I seeing this? Find out more here Financevia Kiplinger Personal Finance https://ift.tt/ABpDgHnJuly 7, 2024 at 09:23AM

Why You Should Invest in Commoditieshttps://ift.tt/4ov7ix3Most investors have probably never fretted about how to add a nice stake in pork bellies or winter wheat to their portfolio. But many have lined up in Costco to buy a gold bar. All such investments are part of the broad asset class of commodities, along with crude oil, coffee, copper and more. Despite impressive run-ups in many commodities this year, some strategists say they’ve still got a long, upward run ahead of them and deserve a spot in your portfolio.That’s because commodity prices tend to ebb and flow in long cycles, largely governed by human nature, says John LaForge, head of real asset strategy at Wells Fargo Investment Institute. Commodity producers ramp up production when prices are rising, until eventually markets are saturated, or at least so well stocked that profits start to suffer. “It gets to a point where producers aren’t interested in planting an extra acre of corn or producing an extra barrel of oil,” says LaForge.Subscribe to Kiplinger’s Personal FinanceBe a smarter, better informed investor.Save up to 74%Sign up for Kiplinger’s Free E-NewslettersProfit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.Profit and prosper with the best of expert advice - straight to your e-mail. To continue reading this article please register for free This is different from signing in to your print subscription Why am I seeing this? Find out more here Financevia Kiplinger RSS Feed https://ift.tt/ABpDgHnJuly 7, 2024 at 09:21AM