Located on the Mohawk River, Utica's vast parks and brimming cultural diversity make it a promising place for your next visit. CNET looks at the few home broadband options available in Utica.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added an Apache HugeGraph-Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that the bug is actively being exploited in the wild.
The addition also forces federal agencies to apply a patch before the October 9 deadline, or stop using the vulnerable product altogether.
The bug in question is a remote command execution flaw in the Gremlin graph traversal language API. It carries a severity score of 9.8, and affects all versions of the software prior to 1.3.0. It is tracked as CVE-2024-27348, and it was patched months ago - in April.
Four more bugs
Besides installing the patch, users are also recommended to use JAva 11 and enable the Auth system. Furthermore, they should enable the “Whitelist-IP/port” function, since it improves the security of the RESTful-API execution, it was added.
In mid-July this year, the Shadowserver Foundation said it found evidence of the flaw’s exploitation, adding that the PoC code has been public since early June.
“If you run HugeGraph, make sure to update,” the organization said at the time.
Apache HugeGraph is an open source graph database system, supporting the storage and querying of billions of vertices and edges. Implemented with the Apache TinkerPop3 framework, it is fully compatible with the Gremlin query language, allowing for complex graph queries and analyses.
Besides the RCE flaw, CISA added another four flaws to the KEV catalog - a Microsoft SQL Server Reporting Services Remote Code Execution vulnerability (CVE-2020-0618), a Microsoft Windows Task Scheduler Privilege Escalation vulnerability (CVE-2019-1069), an Oracle JDeveloper Remote Code Execution vulnerability (CVE-2022-21445), and an Oracle WebLogic Server Remote Code Execution vulnerability (CVE-2020-14644).
Adding these bugs to the catalog doesn’t necessarily mean they are currently being exploited, BleepingComputer reports, it just means that they were being exploited at some point in the past.
Google Cloud users in the United States are getting a host of upgraded security features that should make the platform more resilient to cyberattacks.
The company announced Mandiant’s Managed Defense for Google Security Operations is now available in the country, offering users real-time threat detection and response.
The threat hunting and incident investigation feature will be integrated into Google’s built-in security operations platform.
Practical advice
Mandiant’s Managed Defense for Google Security Operations is a cybersecurity service designed to enhance threat detection, investigation, and response for organizations using Google Cloud. It combines Mandiant’s threat intelligence and expertise in incident response with Google Cloud’s security tools, such as Chronicle and Google Security Command Center.
The service offers continuous monitoring, advanced analytics, and proactive threat hunting to identify and mitigate cyber threats, and helps organizations manage their security operations effectively by providing expert guidance and reducing the burden on in-house teams.
Furthermore, by integrating with Google Cloud, the service can provide real-time insights into potential vulnerabilities.
Mandiant’s Managed Defense for Google Security Operations is a cybersecurity service designed to enhance threat detection, investigation, and response for organizations using Google Cloud. It combines Mandiant’s threat intelligence and expertise in incident response with Google Cloud’s security tools, such as Chronicle and Google Security Command Center.
The service offers continuous monitoring, advanced analytics, and proactive threat hunting to identify and mitigate cyber threats, and helps organizations manage their security operations effectively by providing expert guidance and reducing the burden on in-house teams.
Furthermore, by integrating with Google Cloud, the service can provide real-time insights into potential vulnerabilities.
The other key announcement is the introduction of Private Collection Sharing for Google Threat Intelligence, which is essentially a new way to help businesses share vital cybersecurity intelligence. By creating a secure space for data sharing, companies can discuss indicators of compromise, tactics, techniques and procedures, and more, with their peers.
“Collaboration is critical to foster true resilience when it comes to the systems and networks we rely on every day,” said Phil Venables, chief information security officer at Google Cloud.
Finally, Google announced the second edition of the Defender’s Advantage Framework, Mandiant’s cybersecurity strategy designed to help organizations improve their defense capabilities and resilience against cyber threats. It emphasizes a proactive, intelligence-driven approach to security by focusing on understanding the threat environment, prioritizing and hardening assets, building resilient security operations, preparing for the worst, and operationalizing threat intelligence.
The second edition comes with practical guides on identifying redundancies, and improving cybersecurity overall.
Announced in a Geeked Week 2024 video starring voice actor Doug Cockle, who reprises his iconic role as Geralt of Rivia from The Witcher videogame series in the forthcoming film, Sirens of the Deep won't arrive before 2024 ends. Instead, it'll now aim to cast a spell on viewers worldwide on February 11, 2025.
The movie's official release date was revealed alongside a new clip, which shows Geralt and Jaskier, another fan-favorite character from The Witcher, enjoying a meal by a campfire as they discuss Essi, a rival bard and friend of Jaskier's.
For anyone who needs to know, Sirens of the Deep is based on 'A Little Sacrifice', a short story companion piece to Andrzej Sapkowski's The Witcher book series that expands on Geralt's adventures across The Continent. Per a Netflix press blast that was released alongside the movie's official announcement in late 2023, it'll see the famous monster hunter "investigate a series of attacks in a seaside village" before Geralt "finds himself drawn into a centuries-old conflict between humans and merpeople". It'll be up to everyone's favorite mutant, and allies old and new, to prevent all-out war erupting between the land-dwelling and sea-faring kingdoms.
Joining Cockle on the voice cast roster is Christina Wren (Batman v Superman: Dawn of Justice), who'll voice Essi. Joey Batey and Anya Chalotra, who play Jaskier and Yennefer in Netflix's live-action take on The Witcher novels, will voice their respective characters in Sirens of the Deep, too.
A temporary hiatus for Netflix's flagship fantasy franchise
The Witcher season 4 is in the midst of its filming schedule(Image credit: Netflix)
With The Witcher: Sirens of the Deep not due to launch until early next year, 2024 will be the first proper year where Netflix won't release a new Witcher-Verse project.
Indeed, since The Witcher's first season debuted in late 2019, Netflix's live-action and animated retellings of Sapkowski's adored book series has always delivered something new for new and established fans to enjoy and/or bristle with frustration over. The aforementioned debut of one of the best Netflix shows notwithstanding, 2021 saw The Witcher season 2 and The Witcher: Nightmare of the Wolf unleashed on the world, 2022 gave us the critically-panned The Witcher: Blood Origin, and 2023 saw fans bid farewell to Henry Cavill after his final outing as Geralt in The Witcher season 3.
2020 was the only other year when a new Witcher production didn't see the light of day, but there were mitigating circumstances, with the pandemic heavily impacting season 2's development. If not for Covid-19, then, Netflix likely would've released a new season or standalone production, every year for the past five years.
As it stands, with Sirens of the Deep not releasing until February 2025, The Witcher season 4 in the middle of its development cycle, and The Rats' live-action spin-off being cancelled, there'll be no Continent-based jaunts for viewers to check out. Still, with The Witcher suffering from diminishing returns on the critical and commercial front, taking a year off may be a blessing in disguise. After all, thanks to the 2023 Hollywood strikes, Marvel was forced to reduce its output in 2024, and look at how the MCU's flagging fortunes have turned around as a result. Why can't Netflix's Witcher-Verse enjoy a similar renaissance period in 2025 with Sirens of the Deep and, if it's ready, The Witcher season 4?
In a bid to cut e-waste, Microsoft is employing AI-powered robots to streamline the disposal of old data center hard drives.
The initiative is part of the Secure and Sustainable Disposal of Hard Disks project, which originated during the 2022 Microsoft Hackathon. Spearheaded by Principal Data Scientist Ranganathan Srikanth, the project expands on Microsoft's Circular Centers scheme which is designed to repurpose and recycle servers and related cloud hardware.
Circular Centers are a pivotal part of Microsoft's broader environmental goals. In 2020, Microsoft President Brad Smith committed the company to being carbon-negative by 2050, with zero waste by 2030.
#NoShred
Data centers, which house computer systems and essential components like telecommunications and storage, contribute significantly to global electricity demand. In 2022 this accounted for approximately 1-1.3%, but thanks to AI, energy use is skyrocketing and is expected to at least double by 2026. The strain on local power grids is intensifying as a result, and end-of-life data centers risk clogging landfills with e-waste.
Srikanth recognized the potential to address these mounting issues through the Hackathon project. "If it was just one hard disk, it wouldn’t be an opportunity," Srikanth noted. "However, in 2022 alone, there were two million hard disks shredded and that would fill the cargo of up to nine 747s."
Historically, end-of-life hard drives have been shredded to protect sensitive data, but this process also destroys valuable materials like neodymium. Up to 70 million HDDs are destroyed annually, resulting in a significant waste of rare metals.
The Hackathon team proposed a #NoShred solution, which prioritizes dismantling HDDs with robotics. "The process uses computer vision and robotics to disassemble the hard disk, sorts them, and destroys the media that contains data. The materials are then recycled," a Microsoft narrator explained in a new video which you can watch below. By breaking down the disk drives, the robots ensure data security while preserving and recycling component parts.
Microsoft's Circular Centers employ machine learning to decommission servers onsite, sort reusable parts, and improve future equipment sustainability. A successful pilot in Amsterdam demonstrated reduced downtime, increased availability of parts, and lower carbon emissions, Microsoft says.
The Secure and Sustainable Disposal of Hard Disks project aims to achieve a 90% reuse and recycle rate of all hard disks by 2025.
With Meta Connect 2024 just around the corner – September 25-26 – I’m sharing the five announcements I most want to see at the event, as well as explaining why I think they are (or aren’t in one entry’s case) likely to happen.
Meta Connect is an annual Meta event focused on its Reality Labs division, where it reveals exciting new hardware coming our way soon and teases future hardware and software we’ll see in the coming years.
This year’s event will likely continue the trend of focusing on XR tech – a catchall for virtual, mixed, and augmented reality technologies – as well as the omnipresent AI, which in Meta’s case is inventively called Meta AI. So this list reflects those expectations, starting with an announcement that has practically already been made.
Meta Quest 3S revealed
Meta Reality Labs - Project Ventura/PantherMeta Quest 3S - Final Design pic.twitter.com/6Tc9ig2hJoAugust 11, 2024
Based on everything we know, the Quest 3S will boast the Quest 3’s Snapdragon XR2 Gen 2 chipset, but a bulkier body and lower-spec displays so it can target a lower price tag – hopefully, somewhere around the Meta Quest 2’s $299 / £299 / AU$479.
This would be an ideal headset for anyone who doesn’t want to be left behind by VR software now that Meta Quest 3 exclusives like Batman: Arkham Shadow are on the way, but isn't ready to spend ($499.99 / £479.99 / AU$799.99) on a VR headset.
Obviously, we’ll have to wait and see exactly what Meta announces during Connect, but I expect the Quest 3S could be the best and biggest reveal we get in terms of making current-gen VR accessible again.
Horizon OS is the best standalone VR operating system I’ve tried. It’s clean, intuitive, feature-rich, and home to the best standalone VR and MR software catalog, thanks, in part, to some great exclusives. I was excited to see that other headset manufacturers would be able to access this OS and all its benefits, as it would allow their hardware to shine without being let down by comparatively lackluster software.
Since the announcement, however, we’ve not heard a thing. Now, hardware does take time to develop, but at Meta Connect 2024, I’d love to see a sizzle reel showcasing these third-party headsets – or even just one of them.
One factor helping my prediction is Google’s XR platform. With Google’s XR efforts – which it developed alongside Samsung – set to be announced sometime this year a reminder from Meta that Horizon OS is open to third parties makes sense so Horizon OS doesn’t get forgotten in the noise.
Meta AR glasses teaser
(Image credit: Meta)
Meta, and the industry at large, has steadily shifted focus from VR headsets to MR headsets to AR glasses. The products being teased for the coming decade are a new breed of sleek XR wearable focused on augmented reality.
We know Meta is working on something blending AR and AI, Mark Zuckerberg has suggested as much, but we've yet to get a proper look at what these glasses might look like – ignoring the stylish non-AR smart glasses Meta has developed in partnership with Ray-Ban.
A launch this year or even next year seems unlikely. I expect we’d get a sneak peek at a prototype AR glasses model at most. Nevertheless, I’d love to finally get a good look at what Meta has been working on in AR, even at this in-development stage.
Given that Meta does like to use Connect to showcase exciting projects that are still several years (or longer) from launch, I think an AR glasses segment is more than possible for Meta Connect 2024.
Meta AI’s wider rollout and upgrades
(Image credit: Meta)
Enough about hardware, let’s talk software.
It’s been the buzzword of 2024 and I’m certain that Meta AI will have plenty of time devoted to it, however, I particularly want to see two announcements.
The first is a wider rollout. Officially, Meta AI on the Ray-Ban smart glasses and the Meta Quest 3 is only available in the US and Canada. Some users (including me) have been able to access it regardless – in my case, I have Meta AI on my smart glasses – but I want to see people outside of North America able to reliably use Meta AI. It’s a really neat assistant, especially on the Ray-Bans, and it’s a shame this major feature is region-locked right now – even if it’s not yet perfect.
The second would be to see Meta AI achieve better parity with the Apple Intelligence and Google Gemini upgrades we’ve seen at recent events, and perhaps some unique features. This could include integration with a wider selection of apps so it can pull context from more places, better speech recognition so you can talk to Meta AI more naturally, AI image editing and generation tools so you can edit snaps taken on your Ray-Ban smart glasses on the fly, or a service that lets you conjure up virtual objects you describe while using your Quest headset in a mixed reality sandbox.
A mini Quest Gaming Showcase
For my fifth and final entry, I’m picking something that seems the most unlikely because Meta Connect usually doesn’t dive too deeply into gaming: a mini Quest Gaming Showcase highlighting some new and exciting VR titles.
This year we didn’t get a proper Quest Gaming Showcase, so I’d love to see some Quest titles get a chance to shine on a big Meta stage at Connect 2024 – especially mixed reality experiences and software that doesn’t have the recognisability of major gaming franchises (like Batman: Arkham Shadow) to help draw in crowds.
Saying that, one particularly exciting announcement would be the revival of GTA: San Andreas VR following it being labeled as “on hold indefinitely” by a Meta spokesperson back in August. That announcement’s about as likely as hearing about Silksong during a Meta presentation (or any 2024 presentation for that matter, it seems) so I certainly won’t be holding my breath.
