Feed aggregator

Microsoft has instituted a new "globally consistent" performance improvement process. According to internal documents, employees flagged as underperformers now face two options: enter a performance improvement plan with "clear expectations and a timeline for improvement" or accept a "Global Voluntary Separation Agreement" worth 16 weeks' pay. Affected employees have five days to decide, and those choosing the improvement plan forfeit the severance option. The program, announced in an email from new Chief People Officer Amy Coleman, operates year-round to "address performance issues, while offering employees choice."

Read more of this story at Slashdot.

BrianFagioli writes: ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called "Curing" that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Read more of this story at Slashdot.

BrianFagioli writes: ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called "Curing" that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Read more of this story at Slashdot.

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

Frostrail from the devs of Barotrauma 'eager' to support Linux with a 'tentative yes'  GamingOnLinux

An anonymous reader quotes a report from the Washington Post: Oil and gas companies are facing hundreds of lawsuits around the world testing whether they can be held responsible for their role in causing climate change. Now, two scientists say they've built a tool that can calculate how much damage each company's planet-warming pollution has caused -- and how much money they could be forced to pay if they're successfully sued. Collectively, greenhouse emissions from 111 fossil fuel companies caused the world $28 trillion in damage from extreme heat from 1991 to 2020, according to a paper published Wednesday in Nature. The new analysis could fuel an emerging legal fight.The authors, Dartmouth associate professor Justin Mankin and Chris Callahan, a postdoctoral researcher at Stanford University, say their model can determine a specific company's share of responsibility over any time period. [...] Callahan and Mankin's work combines all of these steps -- estimating a company's historical emissions, figuring out how much those emissions contributed to climate change and calculating how much economic damage climate change has caused -- into one "end-to-end" model that links one polluter's emissions to a dollar amount of economic damage from extreme heat. By their calculation, Saudi Aramco is on the hook for $2.05 trillion in economic losses from extreme heat from 1991 to 2020. Russia's Gazprom is responsible for $2 trillion, Chevron for $1.98 trillion, ExxonMobil for $1.91 trillion and BP for $1.45 trillion. Industry groups and companies tend to object to the methodologies of attribution science. They could seek to contest the assumptions that went into each step of Mankin and Callahan's model. Indeed, every step in that process introduces some room for error, and stringing together all of those steps compounds the uncertainty in the model, according to Delta Merner, lead scientist at theScience Hub for Climate Litigation, which connects scientists and lawyers bringing climate lawsuits. She also mentioned that the researchers relied on a commonly used but simplified climate model known as the Finite Amplitude Impulse Response (FAIR) model. "It is robust for the purpose of what the study is doing," Merner said, "but these models do make assumptions about climate sensitivity, about carbon cycle behavior, energy balance, and all of the simplifications in there do introduce some uncertainty." The exact dollar figures in the paper aren't intended as gospel. But outside scientists said Mankin and Callahan use well-established, peer-reviewed datasets and climate models for every step in their process, and they are transparent about the uncertainty in the numbers.

Read more of this story at Slashdot.

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools  The Hacker News

Linux 6.15 Fixes A Performance Issue For Extremely Heavy Read-Only Workloads  Phoronix

Linux systems vulnerable to a new rootkit invisible to security solutions  Cybernews

Linux 'io_uring' security blindspot allows stealthy rootkit attacks  BleepingComputer

Linux 'io_uring' security blindspot allows stealthy rootkit attacks  BleepingComputer

Linux 'io_uring' security blindspot allows stealthy rootkit attacks  BleepingComputer

Linux 'io_uring' security blindspot allows stealthy rootkit attacks  BleepingComputer

Linux 'io_uring' security blindspot allows stealthy rootkit attacks  BleepingComputer