A vulnerability can reportedly connect real email addresses to anonymous ones.
Hide My Email may not be keeping your personal information fully private. This feature is an option iCloud+ subscribers can use to create an anonymous email address rather than using their own contact info. It’s used as a workaround to avoid spam and data trackers, or simply to keep personal information safe against potential future data breaches. However, according to a report by 404 Media, there is a vulnerability with this feature that allows hackers to connect users’ real email contacts to the ones created by Apple.
We’ve reached out to Apple for comment, and will update this article if we hear back.
The issue was uncovered by the team at EasyOptOuts, and according to CEO Tyler Murphy, the group contacted Apple about the issue and how to replicate it a year ago. He had some conversation with the company via email and Apple reportedly responded at various points that it was looking into the problem or that a solution was either in the works or had been deployed. However, Murphy and 404 reporter Joseph Cox were able to exploit the vulnerability for this article. The exact details of the exploit have not been disclosed due to the potential risk to Apple users.
“We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Murphy told 404. He added, “We don’t know the full scope of the issue, but in our limited tests with volunteers, 100 percent of Hide My Email addresses were exploitable.”
After living in big cities like San Francisco and New York, when I set foot in Wally World in the Midwest, I heard angels sing. Rows and rows of fluorescent lights highlighted any and every product needed for your house in one place. Screw the mom-and-pop bodega—I missed this level of convenience. If by chance they don’t have what you need in-store, there’s even more online, with pickup and delivery available.
Walmart has quite literally thousands of flash deals that change weekly, with up to 65% off tech, appliances, end-of-season, and holiday items, so be sure to check often to find the best rotating deals. And if you’re like me, I’m always searching for the best tech deals without breaking the bank. So whether you’re looking to purchase a new 17-piece non-stick cookware set, Dyson cordless vacuum cleaner, or this season’s latest clothing trends for men, women or children—Walmart is your one-stop shop for it all.
You can also enjoy great benefits with Walmart+, a paid membership that gives early access to promotions and events like Walmart Black Friday deals, free delivery, free shipping with no order minimum, savings on fuel, streaming with Paramount+, and more. You can pay monthly or annually, and you’ll get a free trial of Walmart+ for 30 days to try it out. Walmart+ Assist helps qualifying government aid recipients get a membership at a lower cost.
Walmart is pretty much the one-stop-shop for everything, including Fourth of July planning. That’s why they have discounts on thousands of products for the Fourth of July. This includes savings on tech like Bluetooth speakers, fashion like themed tees, and rollbacks on mattresses and bedding, and so much more. Make sure to check out this Walmart sale ahead of your party planning!
Did you know that Walmart basically has its own Amazon Prime-esque membership plan? It’s called Walmart+, and it’s a great option for people who shop at Walmart often. It’ll give you free grocery delivery, free shipping with no order minimum, savings on fuel, and early access to promotions and events. Plus, you can try Walmart+ free for 30 days to see if the service is right for you or your family. The annual plan is $98 (roughly $8 per month) after trial, meaning you’ll get $57 in savings annually.
If you don’t want to leave your home, Walmart offers delivery in as little as an hour! You’ll just need to book a timeslot through the site to get your favorites and essentials right to your door. This even includes delivery of important refrigerated prescriptions, like insulin, GLP-1s, antibiotics, and more. Plus, it’s great for when you’re sick and need cold/flu remedies like DayQuil, Theraflu, tea, and more.
The OnePay Walmart Spend Card is a Walmart-exclusive credit card (meaning that it can only be used at Walmart and Walmart.com). If you don’t qualify for the OnePay CashRewards Mastercard (and have poor credit scores), this is a great way to build credit history—but you won’t get the cash-back rewards of the CashRewards card. This card can not only help you build credit, but also doesn’t require an annual fee. Just know that when you apply for a OnePay Card, you will first be considered for the OnePay Cash Rewards Card, but if you don’t qualify, you’ll be considered for a OnePay Walmart Spend Card. Interested applicants can apply online at Walmart.com, the Walmart app, or in-store.
Being a Walmart+ member has tons of perks, including 5% cash back when you shop at Walmart, plus, 1.5% cash back on all other purchases with zero annual fees. And when you open a OnePay Card and spend over $75 on that card within 30 days, you’ll get an extra $35 cash back. To get these rewards, all you need to do is pay with your OnePay CashRewards Card at Walmart (or anywhere Mastercard is accepted), earn OnePay points on your purchases, and redeem for cash (or a statement credit into a OnePay Cash Account).
It can be anxiety-inducing to have a medical condition like diabetes, which needs managed care and can get extremely expensive. (Thanks USA for not having universal healthcare!) Walmart knows that your health is a priority, and wants to make these medically necessary items cheaper for folks with diabetes. Walmart has a whole section online for (often) discounted diabetes essentials, to take the headache and guesswork out of shopping. You can get up to 35% off things like glucose monitors and insulin coolers, along with test strips and medical bags. Plus, diabetic supplies and wearables like socks, footwear, and mobility aids are also available for fast shipping, and most are FSA/HSA eligible.

Mike Shake has spent years exploring the edges of what simple materials can do when pushed hard. His latest project takes compressed air and turns it into a directed force that moves tables, destroys targets, and leaves visible clouds in its wake. The device is not a gun in the usual sense. It contains no powder or projectile. Everything comes from the sudden release of air stored at extreme pressure inside a sturdy tank.
A few months ago, he put small cartridges through their paces, loading them to the gills at over 1000 pounds per square inch, producing a strong shockwave that could easily blast through a light object. The next challenge to answer was what would happen if the volume of air increased dramatically while releasing at the same rate. The solution arrived in the form of a three-liter tank capable of withstanding 4500 pounds per square inch pressure. At maximum pressure, that tank is essentially full to the brim with the equivalent of about 920 liters of air at normal pressure, and all that air is just aching to explode out the instant the valve is released.
The tank was only half the battle; the true engineering issue was ensuring that the air exited the tank quickly enough to create a good shockwave rather than a drawn-out whoosh. A conventional ball valve can easily empty a tank, but twisting the handle slowly causes the pressure to gradually seep off. But the shockwave requires the entire thing to go in a fraction of a second; else, it’ll be a feeble dribble. Mike rectified the problem by attaching thick rubber bands to the valve lever, similar to those seen on spearguns. Stretched out to more than three times their typical length, these bands deliver approximately 90 pounds of force. To ensure that force is not wasted, Mike created a bespoke metal lever and aluminum stop to keep the pull angle as efficient as possible. He then used his 3D printer to create the grip and trigger housing, leaving the tricky bits, such as the metal pieces that would be under the most strain, to the local machinists to supply.

Filling is simple; just hook up a quick-disconnect connection to a water-cooled PCP compressor and you’re ready to go. Outdoors, a small gasoline generator kicks in to power the compressor, and once the tank is full, forget about the pressure slipping away; it’ll hold rock solid, dropping by only about 30 psi after a couple of minutes at maximum fill, which is important when you have to pull the trigger without being right next to the business end. Before deploying the larger guns, they conducted preliminary testing with a much smaller tank to fine-tune the timing without putting anyone in danger. Time slowed dramatically, and they could see that the valve needed to rotate in essentially one frame, after which it was only a matter of tweaking the band tension and rope length to get it to go ‘whoosh’ rather than a wimpy puff.
Once they were satisfied with the mechanism, they upgraded to a medium tank and began making good progress right away. They blasted a watermelon sitting at a distance, sending a visible column of pressurized air whooshing out, and the recoil was severe enough to knock the shooter backwards. Encouraging, but they also understood the final version would require some major safety precautions if they wanted to keep themselves safe.

So, for the three-liter cannon, they simply bolted it to a large table and weighted it with a 40-kilo pail of sand for good measure. A long connection led out to a remote trigger, so no one had to be around while the thing went off. When the valve sprang open, the table legs cracked beneath the pressure, and the entire thing flung itself around 10 meters across the ground, scattering sand in all directions. It sounded as loud as a gunshot, and anyone standing nearby was caught in the blast.
It was put to good use by some too eager targets. A watermelon that got in the path vanished in an instant, leaving a massive mess of fragments all over the place. A ballistic dummy head lost its face and was left looking quite battered. Okay, maybe not the most delicate demonstration, but these were controlled tests of what happens when you release a large amount of pressure correctly.

You also get some extremely visible effects, such as how air rushes out of the cannon at tremendous speeds, resulting in a large cloud of water vapor very quickly. The interesting part is that this cloud is simply ordinary water in the surrounding air condensing onto itself as the air becomes unexpectedly cold, as you can see in the diamond-shaped patterns (known to techheads as Mach diamonds) as it passes by. That is the same kind of thing you see trailing behind a supersonic airplane. No smoke, just frigid air.
Indian serial entrepreneur Bhavin Turakhia is making a $30 million personal bet that there is still room for another enterprise AI company. His new venture, Neo, is built on a simple premise: workplace software designed before the AI era cannot simply be upgraded with chatbots — it has to be redesigned from the ground up.
Turakhia, 46, is no stranger to ambitious enterprise technology bets. Over the past two decades, he has co-founded companies including Directi, Radix, Titan, and banking software firm Zeta, largely backing them with his own cash before bringing in outside investors. He’s doing the same with Neo.
Turakhia told TechCrunch he is bootstrapping this much money because he believes AI marks a technology shift significant enough to justify rebuilding workplace software from scratch.
“If you want to build an iPhone, you can’t take the parts of a Nokia and somehow convert it into an iPhone,” he said.
Launched internally in April this year, Neo is an enterprise work platform that combines project management, documents, file storage, and AI into a single product. The goal, Turakhia said, is to make AI an active participant in day-to-day work rather than just another assistant employees turn to separately.
Turakhia argued most incumbents face a structural disadvantage when adding AI to products designed before generative AI. Neo, he said, was designed from the ground up for AI and is model-agnostic, allowing enterprises to switch between AI models rather than being tied to a single provider.
He’s not alone in thinking this way. Investor Chamath Palihapitiya initially launched enterprise AI coding venture 8090 with his own capital before raising a $135 million funding round this week.
Still, Turakhia’s bet comes as enterprise AI has emerged as one of the most competitive areas in technology. Microsoft, Google, and Salesforce are embedding AI across their workplace software. Meanwhile, every startup, from giant labs like Anthropic and OpenAI to productivity companies like Notion and Superhuman, is racing to reshape how businesses use AI in their daily workflow.
Turakhia argued enterprise software has never been a winner-takes-all market, saying even a small share of global enterprise AI spending would represent a sizeable company.
“Even if we end up with 2% to 5% market share, that’s larger than anything I’ve built so far,” he said.
For the past few months, Neo has been in internal use across Turakhia’s companies, including Zeta. The company plans to begin rolling out the software to mid-sized businesses in the coming months, initially targeting knowledge workers across technology, consulting, and professional services firms.
Turakhia said Neo’s initial platform was built in three months, with AI extensively used in the development process, work he estimates would have taken more than a year with a much larger engineering team before generative AI.
The Bengaluru-based startup currently employs about 45 people, including 18 engineers. Turakhia told TechCrunch that it expects to grow to around 100 employees by the end of the year, with most new hires focused on AI and software engineering.
Need some help with today’s Mini Crossword? Read on for all the answers. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.
Let’s get to those Mini Crossword clues and answers.
The completed NYT Mini Crossword puzzle for July 2, 2026.
1A clue: The “A” of G.P.A.: Abbr.
Answer: AVG
4A clue: Fashion’s Oscar ___ Renta
Answer: DELA
6A clue: Waterways traveled by gondola in 2-Down
Answer: CANALS
8A clue: The Ponte di Rialto in 2-Down, e.g.
Answer: BRIDGE
9A clue: Remove, as nails from a cat
Answer: DECLAW
10A clue: Pair of peepers
Answer: EYES
1D clue: On ___ (how some pranks are done)
Answer: ADARE
2D clue: Italian city that’s the subject of this puzzle
Answer: VENICE
3D clue: “More than happy to!”
Answer: GLADLY
5D clue: Pond scum
Answer: ALGAE
6D clue: Relaxant in some edibles, for short
Answer: CBD
7D clue: Stitches together with needle and thread
Answer: SEWS
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year.
Following an investigation into the incident, the company determined that between March 16 and April 20 the threat actor accessed files with personal information for employees and their dependents.
Kubota is a Japanese industrial manufacturer known for its agricultural and construction equipment. It operates in 120 countries, employs more than 52,000 people, and has a reported annual revenue of $20 billion.
Its North American division includes facilities that produce tractors, mowers, and utility vehicles.
According to the announcement posted on the Kubota USA site, the following employee data may have been exposed:
The exact data types exposed vary per individual, and Kubota started sending personalized notifications via email on June 30, informing each individual about the specific impact on them.
The notifications include instructions for enrolling in Kroll identity protection to help victims mitigate the risks arising from the exposure of their sensitive data.
In the letters, Kubota specifically advises recipients to monitor healthcare-related statements, as well as bank accounts, and to immediately report any suspicious activity to the authorities.
Kubota says it has implemented additional security measures to prevent similar incidents in the future.
At the time of writing, no data extortion groups or ransomware gangs have assumed responsibility for the attack at Kubota.
The company did not mention facing any operational or business disruptions as a result of this incident.
BleepingComputer has contacted Kubota to ask for more information about the perpetrators and the nature of the attack, but we have not received a response by publication time.
Focal is not easing into Q3 2026. The French manufacturer has already made serious noise with the Mu-so Hekla, its ambitious all-in-one Dolby Atmos system that is currently under review, unveiled the $210,000 Diva Alta Utopia wireless flagship, and mounted one of the busiest and most talked-about demonstrations at AXPONA 2026. That is a rather muscular start to the year, even for a company that has never been particularly interested in playing small.
Now comes the Scala Utopia Evo M, a substantial evolution of one of Focal’s defining passive loudspeakers. This is not a cosmetic refresh with a fresh lacquer option and a revised brochure. Built in France and retaining the Scala’s distinctive three-way architecture, the new model introduces Focal’s PRISM tweeter and M-profile W midrange driver, technologies drawn from the company’s newest wireless and professional monitor developments.
The goal is straightforward enough: greater midrange transparency, lower distortion, more controlled treble, and an even more convincing sense of musical scale from a loudspeaker that has long been one of the more recognizable statements in high-end audio.
The Scala Utopia Evo M retains the familiar three-way, bass-reflex architecture of the outgoing Scala, but Focal has reworked almost every part that matters: the drivers, crossover, cabinet tuning, and mechanical structure. The result is still unmistakably a Scala, with its compact-for-Utopia proportions and multi-cabinet silhouette. If you expected anything less from Focal, whose idea of restraint is usually limited to the grille cloth, you have not been paying attention.

At the heart of the update is a new 5-inch reinforced W-cone midrange driver with an M-profile diaphragm, borrowed from Focal’s Utopia Main professional monitor range. The driver combines the company’s composite W sandwich construction with the one-piece M-profile geometry, TMD suspension, a neodymium motor, and an 80mm voice coil.
Focal’s objective is a cleaner, more linear midrange with lower distortion and greater control at higher listening levels. Considering how much of the music lives in the midband, that is exactly where an update to a loudspeaker at this level should begin.
The Scala Utopia Evo M also receives Focal’s new 27mm PRISM M-profile inverted-dome tweeter, first introduced in the Diva Alta Utopia wireless flagship. PRISM, short for Photon-Refined Intelligent Structured Membrane, uses a multi-material diaphragm and micro-structured construction that Focal says provides greater rigidity than beryllium while preserving the low mass and damping needed for refined high-frequency reproduction.
It is paired with Focal’s IAL2 Infinite Acoustic Loading system, which lowers the tweeter’s resonance frequency to 528Hz and allows for a claimed extension to 40kHz.

The 11-inch W-cone woofer has also been redesigned, using a 16cm dual-ferrite motor and more precise laser cutting of its composite sandwich diaphragm. It works with a large laminar port intended to move air without the chuffing, compression, and general bad behavior that can undermine bass performance when a speaker is pushed hard.
Focal rates the Scala Utopia Evo M down to 27Hz within ±3dB, with a 24Hz low-frequency point at -6dB. That does not turn a Scala into a Grande Utopia, nor should it. But it suggests real low-frequency authority from a loudspeaker that remains more manageable in a domestic room than the larger models above it in the range. Anyone who has spent time with Focal’s biggest Utopia models already knows that the company does not do bass-light. Croissants may be delicate, flaky, and full of air; Focal’s bass is more cassoulet: dense, substantial, and absolutely not leaving the table quietly.

The revised OPC+ crossover uses high-grade components, large-section internal cabling, and four insulated WBT binding posts that support bi-wiring or bi-amping. More importantly, it provides user adjustment for bass, midrange, and treble, with the bass and treble controls offering ±1dB adjustment. That is not room correction, and Focal is not pretending otherwise, but it gives owners a useful way to fine-tune the Scala’s balance without turning the listening room into a laboratory.
Focal has also retained the structural thinking that has long defined the Utopia range. The Gamma structure employs high-density MDF panels up to 60mm thick, with a heavy, vibration-controlled framework shaped through vibration mapping. Focus Time mechanically aligns the drivers toward the listening position to improve time alignment, while the separate cabinet sections help preserve phase coherence between the bass, midrange, and treble drivers.

The Scala Utopia Evo M remains a very French loudspeaker in both execution and attitude. Its cabinets are made by Focal’s cabinetmakers in Burgundy, while the drivers are manufactured in Saint-Étienne. That level of vertical control matters at this price, particularly when a product is relying on very specific driver geometry, cabinet tolerances, crossover settings, and cosmetic execution to justify itself.
Focal will offer five finishes. Black High Gloss, Off White High Gloss, and Warm Taupe High Gloss are priced at $50,000 USD per pair, or $58,000 CAD. Light Walnut with an Off White front panel and Dark Walnut with a Sepia Brown front panel rise to $56,000 USD per pair, or $64,000 CAD. Availability begins in August 2026.
Focal is also positioning the Scala Utopia Evo M as a natural partner for Naim electronics. That makes sense. A speaker with 92dB sensitivity and a 3-ohm minimum impedance is not especially difficult to drive on paper, but it deserves amplification with substantial current delivery and control. Focal recommends amplifiers rated between 50 and 500 watts per channel, which leaves plenty of room for a serious Naim system, or alternatives from the usual high-end suspects with enough grip to keep the redesigned woofer in check.

The Scala Utopia Evo M is not a revolution in the sense of abandoning everything that made the Scala successful. It is a carefully targeted evolution that brings Focal’s newest professional-monitor and wireless-speaker developments into one of its most recognizable passive loudspeakers. At $50,000 per pair, it had better be more than a fresh coat of lacquer; the new PRISM tweeter, M-profile midrange, adjustable crossover voicing, and redesigned dual-ferrite woofer suggest that Focal has taken the assignment rather seriously.
What makes the Scala Utopia Evo M especially interesting is that it offers much of Focal’s latest Utopia thinking in a loudspeaker that is still more realistic for a proper listening room than the enormous Grande Utopia. It is for buyers who want genuine full-range scale, visual presence, and the ability to fine-tune the speaker to the room, but who do not have a ballroom, a dedicated equipment room, and a casual relationship with six-figure system costs.

Do not mistake the 92dB sensitivity for an invitation to connect a Uniti Atom and call it a day. The Scala’s 3-ohm minimum impedance and $50,000 price tag demand an amplifier with real current delivery, grip, and refinement. Naim’s New Classic 300 Series, particularly an NSS 333 and NSC 222 with NAP 250 or NAP 350 amplification, is far closer to the intended neighborhood than Naim’s 40-watt Uniti Atom. Focal and Naim may share the same corporate address, but this is not a speaker designed for a compact all-in-one system.
The Scala Utopia Evo M is for established high-end listeners building a serious two-channel system around equally serious electronics. It will appeal to existing Scala owners looking for a meaningful step forward, but also to buyers who want modern Focal technology, hand-built French execution, and bass that behaves less like a feather-light croissant than a cast-iron cassoulet: deep, dense, and not remotely interested in being delicate.
IDA chairperson Feargal O’Rourke said results indicate that the agency’s strategy is working despite an ‘increasingly turbulent world’.
Qualcomm, Apple and Monzo are among the 190 global businesses that made Irish investments in the first half of this year. Collectively, these deals are expected to create nearly 10,500 jobs, according to data from IDA Ireland.
Agency chairperson Feargal O’Rourke said that this quarter’s “very positive results” and last year’s “record performance” indicate that the agency’s five-year strategy ‘Adapt Intelligently’ is “fit for purpose” in an “increasingly turbulent world”.
The agency, which facilitates foreign investments in Ireland, reported that investment activity over H1 pointed to a “strong concentration” of next-generation technology projects.
During that time, companies including Trading 212 and Block selected Ireland as their European launchpad and a base for regional headquarters.
Among the 190 investors, 54 are first-timers, while nearly 40 companies expanded their existing operations, IDA said.
Several hundreds of millions of euros were invested regionally so far this year, including Novo Nordisk’s €432m spend to expand its manufacturing capacity in Athlone and Qualcomm’s €125m investment to further develop its Cork site. 52pc of the total investments made by IDA client companies consist of regional projects.
AI makes an unsurprising appearance in the data, with major investments from Anthropic, which announced 200 jobs as part of its Dublin expansion, and Rippling, which opened a new Dublin office to create 150 jobs to meet demand for AI-native workforce intelligence across EMEA.
Marketing automation company Klaviyo announced in April that it was building out its engineering team in Dublin, after previously announcing 100 jobs. US software company MongoDB also announced 200 jobs in the same month amid a multimillion-dollar push towards agentic AI applications.
Fintech was particularly active in the first half of this year, with investments from Currenxie, Monzo, CoinJar and Qashio. IDA Ireland said that the activity indicated the country’s “clear strength” in fintech and digital finance.
Canadian enterprise data management company OpenText committed €105m to its Cork and Galway sites last month to create 400 new jobs, marking the single largest investment into Ireland by a technology company headquartered in Canada.
Investment activity during H1 2026 was at a faster pace than overall numbers for 2025, when IDA supported 323 investments into Ireland with commitments for more than 15,000 jobs.
“IDA Ireland’s 2025 results and the investment pipeline secured in the first half of 2026 demonstrate the continued strength of Ireland’s FDI proposition and the confidence global companies have in Ireland as a location to establish, scale and transform,” said IDA CEO Michael Lohan.
“The breadth of investment across technology, life sciences, engineering and financial services sectors, alongside strong regional performance and significant transformational undertakings, reflects the depth of Ireland’s talent, capability and enterprise ecosystem.
“Our focus remains on competing strongly for the next generation of investment and ensuring FDI continues to deliver impact across all regions for the Irish economy.”
Fortunately, they were professional red teamers. Unfortunately, they pwned the network
PWNED Welcome back to PWNED, the column where we document serious security failures in hopes we can all learn from others’ mistakes. This week, we’ll talk about how a lack of physical security can allow threat actors to take control of your network.
Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.
Our story comes to us from two professional red teamers, who get paid to break into offices and networks in order to find holes in the security system. Kristopher Johnson was working as an offensive security consultant at Echelon Risk + Cyber in 2023 and his manager was Dahvid Schloss. We spoke to both.
Johnson and another employee named Michael were called upon to challenge the security at a client’s office while Schloss supervised remotely. It was winter and the maintenance crew had the maintenance door open. They walked through it and into the mail room, where a woman confronted them and asked what they were doing there.
The two intrepid testers talked to the company maintenance crew and told them that they were new IT employees without working badges. They said that they had almost slipped on the ice and offered to help shovel, an offer the maintenance team was happy to take them up on.
While Michael kindly helped the maintenance crew shovel snow, Johnson asked if the maintenance folks could let him in so he could go upstairs and start setting up Michael’s laptop for work. They let him in, and he was free to explore the building as his partner brushed away a large section of ice and snow.
Inside the building, Johnson looked for a place to plug in his Raspberry Pi. The idea was to connect this single-board computer to the network, where they could access it remotely and use it to attack the network from afar. He tried plugging his Raspberry Pi into an Ethernet port in the AV closet, but the company had network access control enabled, which prevented it from connecting. The Raspberry Pi had an LTE radio, but it couldn’t connect from the closet either.
So Johnson instead moved his Raspberry Pi into the middle of the conference room and found an active network port that didn’t have network access control enabled on it. However, he realized the Pi would be visible to anyone who entered the conference room, and they might find it suspicious. So he took some trash cans and used them to hide the device.
Johnson had a hard time getting out of the building after that. He tried to go out the front door, but it required him to swipe a badge he didn’t have and strangers would not swipe their badges for him. But when he went back through the maintenance entrance, they were more than happy to swipe him out. He waited in the car while Michael finished his shoveling assignment.
The next day, Johnson found out that his security breach had been detected. When he and Michael came in to meet with their contact at the company, the head of security confronted them. They had been “caught” because someone from maintenance went up to the IT department and wanted to thank the IT team for Michael’s help with the shoveling. However, the IT team had no record of new employees named Michael or Kristopher, so that raised suspicion.
Before learning that they were professional red teamers, the building security had been suspicious and had looked at camera footage tracking their movements. They had even tried to get information on the license plate from Johnson’s rental car. However, they never did find the Raspberry Pi, which remained plugged into the Ethernet port in the conference room for two weeks.
During that time, Johnson’s team was able to connect to the company’s Active Directory, find where the domain controllers were, and start password spraying accounts to see if they could gain access. They tried using the password “winter2023!” and got 50 or 60 hits among the employees.
“So we used those credentials to kind of map out the rest of the network,” Johnson told The Register. “Network shares and things like that and then, towards the end of the test, we enumerated the certificate services – ADCS (Active Directory Certificate Services).”
The red teamers found eight templates that were open to ESC1 and ESC4 vulns. They also found that the certificate authority was vulnerable to ESC8. They were then able to exploit those holes to gain domain administrative access. The janitor found the Raspberry Pi two weeks after they broke in, but by then it was too late.
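The password spraying described above leaves a recognizable shape in authentication logs: one source failing against many accounts with only a try or two per account. The following detection sketch is an added example, not code from the article or the testers; the record layout, thresholds, addresses and account names are all assumptions, with records imagined as normalised from domain controller logon events such as Windows event IDs 4625 and 4771.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed (time, source_ip, account, outcome) records; all values invented."""
    t0 = datetime(2023, 1, 10, 2, 0, 0)
    events = []
    # One internal host tries each account once, 20 seconds apart.
    for i in range(40):
        outcome = "success" if i % 8 == 0 else "failure"
        events.append((t0 + timedelta(seconds=20 * i), "10.20.30.77", f"user{i:03d}", outcome))
    # A real user mistypes a password three times, then logs in.
    for i in range(3):
        events.append((t0 + timedelta(seconds=5 * i), "10.20.31.15", "asmith", "failure"))
    events.append((t0 + timedelta(seconds=20), "10.20.31.15", "asmith", "success"))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_accounts=10, max_tries=2):
    """Flag sources that fail against many accounts with few tries per account."""
    by_source = defaultdict(list)
    for ts, src, account, outcome in sorted(events):
        by_source[src].append((ts, account, outcome))
    findings = {}
    for src, rows in by_source.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            tries = defaultdict(int)
            for _, account, _ in in_window:
                tries[account] += 1
            failed = {a for _, a, o in in_window if o == "failure"}
            # Many accounts, few attempts each: the inverse of brute force.
            if len(failed) >= min_accounts and max(tries.values()) <= max_tries:
                entry = findings.setdefault(src, {"targeted": set(), "reset": set()})
                entry["targeted"] |= set(tries)
                # Successes inside a spray window are accounts using the guessed password.
                entry["reset"] |= {a for _, a, o in in_window if o == "success"}
    return findings

if __name__ == "__main__":
    for src, info in detect_spray(sample_events()).items():
        print(src, len(info["targeted"]), "targeted; reset:", sorted(info["reset"]))
```

The `reset` set is the part that matters for response: those accounts authenticated during the spray and need their passwords changed, and the source address points at the device to locate.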
There are a lot of lessons here, but they start with training every member of the team to be suspicious of people coming from the outside, without badges, no matter what they say or do. Schloss noted that, if someone looks and acts like they belong in a space, most people will treat them that way.
“First and foremost, what most people believe is crime is not crime. It’s a Hollywood myth of what crime looks like,” Schloss told us. “I call it the ski mask bias. Everyone assumes you’re not getting robbed until a person comes in with a ski mask and a gun yelling.”
The maintenance team at this company should have been more suspicious of people calling themselves new employees and asking for a swipe in, even if they were willing to help shovel snow.
The company also should have restricted network access to the port in the conference room so that an unknown device like a Raspberry Pi could not make an Ethernet connection from that spot.
Finally, the company should have enforced a strong password policy that would have prevented our heroes from finding dozens of accounts with “winter2023!” as the password. And they should have enforced multi-factor authentication on those accounts as well. ®
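A password like “winter2023!” can satisfy a plain complexity rule, so the policy has to screen for predictable base words as well. The check below is an added example, not the company’s or The Register’s code; the deny-list, the `examplecorp` placeholder and the minimum length are assumptions.

```python
import re

# Assumed deny-list of base words; "examplecorp" stands in for the
# organisation's own name and products. Extend to suit the environment.
BANNED_BASES = {
    "winter", "spring", "summer", "autumn", "fall", "password", "welcome",
    "january", "february", "march", "april", "june", "july", "august",
    "september", "october", "november", "december", "examplecorp",
}
MIN_LENGTH = 14  # assumed policy value, not taken from the article

# Common character substitutions, undone before the deny-list lookup.
LEET = str.maketrans("013457@$", "oieastas")

def _strip_affixes(s):
    """Drop leading/trailing digits and symbols such as '2023!'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)

def password_problems(candidate):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    lowered = candidate.lower()
    # Two normalisations: strip then de-leet catches 'W1nter2024';
    # de-leet then strip catches 'Welc0m3!!' where the word ends in a digit.
    cores = {
        _strip_affixes(lowered).translate(LEET),
        _strip_affixes(lowered.translate(LEET)),
    }
    hits = sorted(cores & BANNED_BASES)
    if hits:
        problems.append(f"built on a predictable base word: {hits[0]}")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems

if __name__ == "__main__":
    for pw in ("winter2023!", "W1nter2024", "Welc0m3!!", "correct-horse-battery-staple"):
        print(pw, "->", password_problems(pw) or "accepted")
```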
Like other online travel agencies, Booking.com helps you find discount rates for airline tickets, cruises, hotel stays, car rentals, and packages. We at WIRED regularly post updates with the newest Booking.com promo codes for discounts on car rentals, last-minute hotel bookings, and other travel-related expenses, including a deal for 50% off stays and free cancellation when you sign up at Booking.com. Whether you want to grab an apartment in a walkable neighborhood or be bad and bougie in a villa, Booking.com has tons of options for every type of traveler—and we have a Booking.com coupon code to help you save.
Checking out Booking’s deals page is one of the best ways to snag great discounts on rotating and limited-time deals on things like flights and stays. Right now, you can get at least 15% off your next stay with Early 2026 Deals.
Save more by signing up for Booking.com’s loyalty program, Genius, which offers tons of discounts and rewards on pretty much everything travel-related. Loyalty program members can even get up to 20% off stays and up to 15% off car rentals. The program works in tiers: level 1 gets you a 10% discount on select stays and rental cars; level 2 gets you up to 15% off (once you complete 5 bookings in two years); and level 3 gets you up to 20% off stays and up to 15% off rental cars (once you complete 15 bookings in two years). Once you sign up for the Genius loyalty program, make sure you’re signed in while you browse to get discounts of up to 50% off stays and free cancellations, along with bonus secret deals from Booking.com.
If you’re someone who travels frequently, it may be a good idea to get a Booking.com Genius Rewards Visa Signature Credit Card so you can get even more rewards on purchases you were already going to make. With this card, you’ll have no fee, and get 6% in travel credits on stays booked in the Booking.com app, and 5% on other travel on Booking.com when you use your card. Plus, you’ll get $150 in travel credits when you spend $1,500 using your card in the first 90 days. The more you use, the more perks you’ll get—when you get to Genius Level 3, you’ll receive rewards like 10-20% off select stays, and 10-15% off select rental cars and priority support.
Glory be! Winter is starting to fade and sunshine is on its way. Make the most of springtime with spring travel deals at outrageously low prices, including stays in Istanbul starting at $18 per night, Paris from $67 per night, Cancun from $32 per night, and Las Vegas from $128 per night. Go ahead, check it out, you deserve a nice vacay from enduring the winter.
A cruise is one of the cheapest ways to have an all-inclusive vacation, while staying on the mainland and partying at sea. If you’ve ever been curious about taking a cruise (or are a returning sailor), now’s a great time to book for so much less. If you book a qualifying sailing departing on or before December 31, 2027, you’ll get up to $1,000 to spend onboard, which counts toward almost anything, like cocktails, specialty dining, spa treatments, and other onboard purchases.
The actual amounts you’ll get to spend vary based on total cruise price, and don’t include travel protection, port charges, port expenses, and taxes, and are generally as follows: $25 per $1-$999 booking, $50 per $1,000-$1,499 booking, $75 per $1,500-$1,999 booking, $100 per $2,000-$2,999 booking, $125 per $3,000-$3,999 booking, $175 per $4,000-$5,999 booking, $250 per $6,000-$7,999 booking, $350 per $8,000-$9,999 booking, $500 per $10,000-$14,999 booking, $750 per $15,000-$19,999 booking, and $1,000 per $20,000 or more booking.
Plus, if you don’t have the entirety of the money owed for a cruise now, you can still lock in now for just $25. As long as you pay a small non-refundable $25 fee, Booking will advance your cruise line deposit (up to $500). Your deposit will be automatically charged 10 days before your final payment is due, giving you peace of mind and more time to plan (and save!).
If you have the time off for your next vacation, but don’t know where to go, I’d check out Booking’s seasonal and holiday deals webpage, where there are rotating and flash deals depending on time, seasonality, and location. There are time-specific destinations like Lunar New Year deals, spring holiday deals focused on warm-weather travel destinations, and Carnival deals for places that celebrate in style, like the Big Easy.
If you’re looking to book travel to a destination that requires a car, I’d highly recommend also renting a car through Booking. Booking has access to the most popular rental car companies, like Avis, Budget, Hertz, Enterprise, and more, so that you can book with peace of mind. And when you travel more, you’ll spend less—all you need to do is sign in, peruse car rental options, and look for the blue ‘Genius’ label to save 10% on car rentals. Plus, if you spend using your Genius Rewards Visa you can earn 5% in travel credits on car rentals.
It’s surprising, but one of the most cost-effective vacations you can embark on is a cruise. These all-inclusive packages combine travel to new destinations with a non-stop party at sea. Be sure to check out Booking.com’s cruising page for rotating cruise deals and offers, with many under $399 for an all-inclusive package. One of the best ways to score the biggest deals at sea is by signing up for their email newsletter, which will send you the latest and greatest cruise offers. Plus, you can even combine cruise line offers with Booking.com’s cruise exclusives, like up to $1,000 to spend on board, bookings at just $25 per room, and more.
A newly surfaced Steve Jobs-signed check is up for auction, linking the nation’s milestone anniversary with the earliest days of the personal computer revolution.
RR Auction is currently running a Fine Autographs and Artifacts auction, full of signatures from American presidents, political figures, authors, kings, queens, scientists, engineers, innovators, and everyone in between. Among the famous names is Steve Jobs, Apple’s co-founder and former CEO.
It’s hardly the first time a Jobs-signed item has made it to the auction block, but this one comes with remarkable timing. The $10 payment to the People’s Computer Company (PCC) is dated July 4, 1976, America’s Bicentennial, just months after Apple was founded.
That date also means that the check was filled out just three months after Jobs and Steve Wozniak founded Apple in Jobs’s family garage. At the time, Jobs and Wozniak would have been building their first product, the Apple-1.
The check bears the letters DDJ, which suggests that it was payment for a one-year subscription to Dr. Dobb’s Journal, a programming magazine spun off from PCC’s newsletter.
At the time of publication, the check has 14 bids and is currently priced at $21,962. RR Auction expects the check to sell for $25,000.
The auction will run until July 15. Interested buyers must place an initial bid by July 15 at 6:00 pm, with final bidding to take place shortly after.
This year, America celebrates its 250th birthday. Apple celebrated a milestone birthday of its own, its 50th, on April 1.
In January, Apple’s 1976 formation papers landed on the auction block. While it was suggested that the papers could fetch up to $4 million, they eventually sold for $2.51 million.