CHINA South of Shanghai > The World's Largest Floating Solar Farm

Earth's Rotation Glitches Again, Micronova Centrifugal Breakout | S0 New...

Deeply Spiritual Torah Bright An Olympian Headstand: Celebrating Mother's Day

OK. Stand back, Guys . . .“Becoming a mother has unleashed something inside of me,” Bright wrote to her 185,000 followers.  “It’s deeply spiritual. It’s primal. It’s raw. It’s fierce. It is pure. I am mother.

“My prayer for all mothers, now and in the future is that they be heard. Honoured. Respected and encouraged to trust their intuition.”

The vast majority of responses to Bright’s post were gushing messages of support and admiration, with typical replies reading “powerful words!” and “that is one crazy and powerful photo.”

“Stop it, your head stand nursing photo is EVERYTHING,” wrote another, while others wondered how long Bright had managed to hold the pose – to which she jokingly replied “haha, just long enough!”

Aussie Olympic legend responds after being accused of ‘craving attention’ with headstand breastfeeding photo

RT International | 10:00 GMT, Jul 14, 2021

Australian Olympic snowboard icon Torah Bright has fired back at her critics after triggering a debate with a picture of herself breastfeeding while doing a headstand and dressed in her underwear.

    

Marking Mother’s Day earlier this month, two-time Olympic medalist Bright shared a series of images on Instagram of herself and young son Flow.

One picture in particular captured the imagination as it featured the 34-year-old upside down in a yoga pose as she breastfed her child.

 

 

Back Home in Arizona: BIG MONEY MAN (Peter Thiel associate) Blake Masters Starts Campaign To Challenge Mark Kelly

Game-on Arizona! Yesterday from Politico: "The Republicans running to turn back Democratic gains in Arizona and flip a critical Senate seat next year will have to fight through a protracted, expensive primary first.

The race to face Democratic Sen. Mark Kelly has swelled with new Republican entrants in recent weeks — with the latest, Peter Thiel associate Blake Masters, officially launching his campaign Monday.

Masters, a 34-year-old executive for the billionaire tech investor's firm, is backed by a $10 million super PAC investment from Thiel, and he is one of three first-time candidates in a Republican primary that also includes state Attorney General Mark Brnovich, who has twice been elected statewide, as well as businessman Jim Lamon and retired Maj. Gen. Michael McGuire. . ."

Read more >

Thiel ally's entrance kicks off protracted GOP Senate fight in Arizona

By ALEX ISENSTADT

POLITICO

=========================================================================

RELATED POST ON THIS BLOG - Use Searchbox "Blake Masters"

 

 

 

Arizona’s Republican Party has been riven by deep divisions for more than a decade, and Democrats have capitalized on that by winning key statewide races with less than 50 percent of the vote in the past two elections. Now, the crowded, cash-flush Senate primary all but assures that Republicans will be fighting over who their nominee will be for more than a year, while Kelly, who narrowly won in 2020, rakes in cash and consolidates his position

 

More

How Maersk Profits From The Chaos In Container Shipping

UpDate: HACKER BLAME GAME SEQUEL #2 (China) O No! GOTCHA AGAIN ...SolarWinds has issued a hotfix to mitigate the attacks while the company works on a permanent solution.

Yes it was just yesterday in a post about the same hack attack.

Ready for a follow-up from The Verge >

Microsoft attributes new SolarWinds attack to a Chinese hacker group

SolarWinds’ Orion management software was attacked in December 2020 Illustration by Alex Castro / The Verge

By Ian Carlos Campbell@soupsthename Jul 14, 2021, 6:03pm EDT

"Microsoft’s Threat Intelligence Center (MSTIC) reported on Tuesday that SolarWinds software was attacked with a zero-day exploit by a group of hackers it calls “DEV-0322.”

The hackers were focused on SolarWinds’ Serv-U FTP software, with the presumed goal of accessing the company’s clients in the US defense industry.

The zero-day attack was first spotted in a routine Microsoft 365 Defender scan. The software noticed an “anomalous malicious process” that Microsoft explains in more detail in its blog, but it seems the hackers were attempting to make themselves Serv-U administrators, among other suspicious activity.

Update Serv-U as soon as possible

> SolarWinds reported the zero-day exploit on Friday, July 9th, explaining that all of the Serv-U releases from May 5th and earlier contained the vulnerability.

> The company released a hotfix to address the issue and the exploit has since been patched, but Microsoft writes that if Serv-U’s Secure Shell (SSH) protocol connected to the internet, the hackers could “remotely run arbitrary code with privileges, allowing them to perform actions like install and run malicious payloads, or view and change data.”

> Anyone running older Serv-U software is encouraged to update it as soon as possible.

The first hack that shoved SolarWinds into the limelight in December 2020 exposed hundreds of government agencies and businesses.

> Unlike the previous hack, which is now widely connected to a Russian state-affiliated group of hackers called Cozy Bear, Microsoft says this zero-day attack originated in China. DEV-0322 has made a habit of attacking “entities in the US Defense Industrial Base Sector,” Microsoft writes, and is known for “using commercial VPN solutions and compromised consumer routers in their attacker infrastructure.”

___________________________________________________________________________

Microsoft discovers critical SolarWinds zero-day under active attack

Flaws allow attackers to run malicious code on machines hosting Serv-U products.

Dan Goodin -

Ars Technica | 7/12/2021, 1:25 PM

Here it is from ArsTechica:

SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line.

Microsoft discovered the exploits and privately reported them to SolarWinds, the latter company said in an advisory published on Friday. SolarWinds said the attacks are entirely unrelated to the supply chain attack discovered in December.

“Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” company officials wrote. “SolarWinds is unaware of the identity of the potentially affected customers.”

Only SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP—and by extension, the Serv-U Gateway, a component of those two products—are affected by this vulnerability, which allows attackers to remotely execute malicious code on vulnerable systems.

An attacker can gain privileged access to exploited machines hosting Serv-U products and could then install programs; view, change, or delete data; or run programs on the affected system. The vulnerability exists in the latest Serv-U version 15.2.3 HF1, released on May 5, and all prior versions.

SolarWinds has issued a hotfix to mitigate the attacks while the company works on a permanent solution. . .

The company says customers should install the fixes immediately.

The hotfixes are available here. Disabling SSH access also prevents exploitation.

The federal government has attributed last year’s supply chain attack to hackers working for Russia’s Foreign Intelligence Service, abbreviated as the SVR, which for more than a decade has conducted malware campaigns targeting governments, political think tanks, and other organizations in countries including Germany, Uzbekistan, South Korea, and the US. Targets have included the US State Department and the White House in 2014.

The hackers used that access to push a malicious software update to about 18,000 customers of SolarWinds’ Orion network management product. Of those customers, roughly 110 received a follow-on attack that installed a later-stage payload that exfiltrated proprietary data. The malware installed in the attack campaign is known as Sunburst. Again, SolarWinds said the exploits underway now have no connection."

 

Conway: Amid all the lies, Trump told one fundamental truth