Following on from a story I wrote comparing the speed of Pandas and Polars libraries in terms of reading and writing data — from and to — a Postgres database I thought it might be interesting to do a similar comparison between Pandas and Psycopg2.
If you need to get data from or to a Postgres database table from or to a local file, read on for the winner.
You can find the Pandas v Polars article at the link below:
Pandas
I don’t think I need to explain much about what Pandas is. Its use in Python code is ubiquitous and is one of the main tools that people use to load, explore, visualise and process large amounts of data in Python.
Psycopg
Psycopg is one of the most popular PostgreSQL database libraries for the Python programming language. It implements the Python Database API Specification v2.0, allowing Python applications to communicate with PostgreSQL databases.
Writing an essay is one of the many tasks you’ll face as a student, so it’s essential to have good essay-writing skills. Strong writing skills can help you excel in your classes, standardized tests, and workplace. Fortunately, there are many ways you can improve your essay-writing skills. This article will provide golden tips to help you become a better essay writer.
Seek Professional Writing Help
Seeking professional writing help is one of the golden tips to improve your essay writing skills because it gives you access to experienced and knowledgeable writers who can help you craft a high-quality essay. Essay writing can be challenging and time-consuming for many students, particularly those needing strong writing skills or more confidence in writing a good essay.
With professional writing help, you can get personalized feedback, guidance, and support to ensure your essay is of the highest quality. Professional writing help can also allow you to learn from the expertise of experienced writers, enabling you to improve your essay-writing skills. Students can look into platforms like www.vivaessays.com/essay-writer/ to get the needed assistance.
Read Widely
Another crucial tip for improving your essay writing skills is to read widely. Reading other people’s work can give you a better insight into what makes a good essay and can help you to develop your writing style. Reading other people’s work can also help gain new knowledge and ideas.
Additionally, reading widely allows you to better understand grammar and sentence structure, which will help you construct your sentences. Finally, reading widely can help you develop your critical thinking skills and allow you to compare and contrast different ideas and viewpoints. All of these skills will be beneficial when writing your essays.
Practice!
They say that practice makes perfect, and this is certainly true when it comes to essay writing. You can improve your essays by consistently practicing and honing your writing skills. Practicing can help you become more comfortable with the structure of an essay and become familiar with the conventions of essay writing.
Additionally, practicing can help you become more aware of which words and phrases work best in an essay, as well as help you become a more effective and clear communicator. Practicing can also help you become more confident in your writing and can help you identify any weak areas that need improvement. In short, practicing can help you hone your skills and make you a better essay writer.
Have Someone Else Review Your Work
Having a third eye review of your work can help you identify areas of improvement in your essay-writing skills. It can see you identify areas where you may be using too many words or where your writing may be confusing or unclear. It can also aid in identifying areas where you may be making the same mistakes or where you may be repeating yourself. Furthermore, it can help you identify weak points in your argument or areas where you may need to provide more evidence or detail.
Finally, it can help you identify any grammar, spelling, or punctuation mistakes that you may have made. Ultimately, having someone review your work can help you become a better essay writer by highlighting areas you need to improve and providing constructive feedback.
Have A Study Buddy
Having a study buddy or group can help improve your essay-writing skills by providing a constructive environment for peer review. The group members can read each other’s work, offer feedback and criticism, and discuss ways to improve the essay. This can help identify common mistakes and improvement areas and provide insight on how to structure an essay for clarity and effectiveness. Additionally, studying with a group can keep you motivated and on task. It can give a sense of camaraderie and support when tackling a complex writing task.
Work On Your Grammar, Spelling, And Punctuation Skills
Lastly, improving your grammar, spelling, and punctuation skills is essential for improving your essay writing skills. Good grammar, spelling, and punctuation are the foundation of effective communication. If your writing is filled with errors, your message may be lost, and your essay will not make the grade.
Furthermore, when you write an essay, it is essential to remember the conventions of grammar, spelling, and punctuation. This will help ensure that your essay is straightforward to read. Additionally, if you can use correct grammar, spelling, and punctuation correctly, it will make your essay appear more professional and polished. Therefore, improving your grammar, spelling, and punctuation skills is essential to improving your essay writing skills.
Conclusion
Essays are part of every student’s life, so it’s crucial to have good essay-writing skills. Fortunately, there are many tips and strategies to help you become a better essay writer. These include seeking professional writing help, reading widely, practicing, having someone else review your work, and having a study buddy or group. Following these golden tips can improve your essay-writing skills and become a better essay writer.
Seqrite Labs APT team has discovered “Pahalgam Terror Attack” themed documents being used by the Pakistan-linked APT group Transparent Tribe (APT36) to target Indian Government and Defense personnel. The campaign involves both credential phishing and deployment of malicious payloads, with fake domains impersonating Jammu & Kashmir Police and Indian Air Force (IAF) created shortly after the April 22, 2025 attack. This advisory alerts about the phishing PDF and domains used to uncover similar activity along with macro-laced document used to deploy the group’s well-known Crimson RAT.
Analysis
The PDF in question was created on April 24, 2025, with the author listed as “Kalu Badshah”. The names of this phishing document are related to the response measures by the Indian Government regarding the attack.
“Action Points & Response by Govt Regarding Pahalgam Terror Attack .pdf”
“Report Update Regarding Pahalgam Terror Attack.pdf”
Picture 1
The content of the document is masked and the link embedded within the document is the primary vector for the attack. If clicked, it leads to a fake login page which is part of a social engineering effort to lure individuals. The embedded URL triggered is:
The domain mimics the legitimate Jammu & Kasmir Police (jkpolice[.]gov[.]in), an official Indian police website, but the fake one introduces a subdomain kashmirattack[.]exposed.
Picture 2
The addition of “kashmirattack” indicates a thematic connection to the sensitive geopolitical issue, in this case, related to the recent attack in the Kashmir region. Once the government credentials are entered for @gov.in or @nic.in, they are sent directly back to the host. Pivoting on the author’s name, we observed multiple such phishing documents.
Picture 3
Multiple names have been observed for each phishing document related to various government and defence meetings to lure the targets, showcasing how quickly the group crafts lures around ongoing events in the country:
Report & Update Regarding Pahalgam Terror Attack.pdf
Report Update Regarding Pahalgam Terror Attack.pdf
Action Points & Response by Govt Regarding Pahalgam Terror Attack .pdf
J&K Police Letter Dated 17 April 2025.pdf
ROD on Review Meeting held on 10 April 2025 by Secy DRDO.pdf
RECORD OF DISCUSSION TECHNICAL REVIEW MEETING NOTICE, 07 April 2025 (1).pdf
MEETING NOTICE – 13th JWG meeting between India and Nepal.pdf
Agenda Points for Joint Venture Meeting at IHQ MoD on 04 March 2025.pdf
DO Letter Integrated HQ of MoD dated 3 March.pdf
Collegiate Meeting Notice & Action Points MoD 24 March.pdf
Letter to the Raksha Mantri Office Dated 26 Feb 2025.pdf
pdf
Alleged Case of Sexual Harassment by Senior Army Officer.pdf
Agenda Points of Meeting of Dept of Defence held at 11March 25.html
Action Points of Meeting of Dept of Defence held at 10March 25.html
Agenda Points of Meeting of External Affairs Dept 10 March 25.pdf.html
PowerPoint PPAM Dropper
A PowerPoint add-on file with the same name as of the phishing document “Report & Update Regarding Pahalgam Terror Attack.ppam” has been identified which contains malicious macros. It extracts both the embedded files into a hidden directory under user’s profile with a dynamic name, determines the payload based on the Windows version and eventually opens the decoy file with the same phishing URL embedded along with executing the Crimson RAT payload.
Picture 4
The final Crimson RAT dropped has internal name “jnmxrvt hcsm.exe” and dropped as “WEISTT.jpg” with similar PDB convention:
All three RAT payloads have compilation timestamp on 2025-04-21, just before the Pahalgam terror attack. As usual the hardcoded default IP is present as a decoy and the actual C2 after decoding is – 93.127.133[.]58. It supports the following 22 commands for command and control apart from retrieving system and user information.
Commands
Functionality
procl / getavs
Get a list of all processes
endpo
Kill process based on PID
scrsz
Set screen size to capture
cscreen
Get screenshot
dirs
Get all disk drives
stops
Stop screen capture
filsz
Get file information (Name, Creation Time, Size)
dowf
Download the file from C2
cnls
Stop uploading, downloading and screen capture
scren
Get screenshots continuously
thumb
Get a thumbnail of the image as GIF with size ‘of 200×150.’
putsrt
Set persistence via Run registry key
udlt
Download & execute file from C2 with ‘vdhairtn’ name
delt
Delete file
file
Exfiltrate the file to C2
info
Get machine info (Computer name, username, IP, OS name, etc.)
runf
Execute command
afile
Exfiltrate file to C2 with additional information
listf
Search files based on extension
dowr
Download file from C2 (No execution)
fles
Get the list of files in a directory
fldr
Get the list of folders in a directory
Infrastructure and Attribution
The phishing domains identified through hunting have the creation day just one or two days after the documents were created.
Domains
Creation
IP
ASN
jkpolice[.]gov[.]in[.]kashmirattack[.]exposed
2025-04-24
37.221.64.134 78.40.143.189
AS 200019 (Alexhost Srl) AS 45839 (Shinjiru Technology)
This kind of attack is typical in hacktivism, where the goal is to create chaos or spread a political message by exploiting sensitive or emotionally charged issues. In this case, the threat actor is exploiting existing tensions surrounding Kashmir to maximize the impact of their campaign and extract intelligence around these issues.
The suspicious domains are part of a phishing and disinformation infrastructure consistent with tactics previously used by APT36 (Transparent Tribe) that has a long history of targeting:
Indian military personnel
Government agencies
Defense and research organizations
Activists and journalists focused on Kashmir
PPAM for initial access has been used since many years to embed malicious executables as OLE objects. Domain impersonation to create deceptive URLs that mimic Indian government, or military infrastructure has been seen consistently since last year. They often exploit sensitive topics like Kashmir conflict, border skirmishes, and military movements to create lures for spear-phishing campaigns. Hence these campaigns are attributed to APT36 with high confidence, to have involved delivering Crimson RAT, hidden behind fake documents or malicious links embedded in spoofed domains.
Potential Impact: Geopolitical and Cybersecurity Implications
The combination of a geopolitical theme and cybersecurity tactics suggests that this document is part of a broader disinformation campaign. The reference to Kashmir, a region with longstanding political and territorial disputes, indicates the attacker’s intention to exploit sensitive topics to stir unrest or create division.
Additionally, using PDF files as a delivery mechanism for malicious links is a proven technique aiming to influence public perception, spread propaganda, or cause disruptions. Here’s how the impact could manifest:
Disruption of Sensitive Operations: If an official or government worker were to interact with this document, it could compromise their personal or organizational security.
Information Operations: The document could lead to the exposure of sensitive documents or the dissemination of false information, thereby creating confusion and distrust among the public.
Espionage and Data Breaches: The phishing attempt could ultimately lead to the theft of sensitive data or the deployment of malware within the target’s network, paving the way for further exploitation.
Recommendations
Email & Document Screening: Implement advanced threat protection to scan PDFs and attachments for embedded malicious links or payloads.
Restrict Macro Execution: Disable macros by default, especially from untrusted sources, across all endpoints.
Network Segmentation & Access Controls: Limit access to sensitive systems and data; apply the principle of least privilege.
User Awareness & Training: Conduct regular training on recognizing phishing, disinformation, and geopolitical manipulation tactics.
Incident Response Preparedness: Ensure a tested response plan is in place for phishing, disinformation, or suspected nation-state activity.
Threat Intelligence Integration: Leverage geopolitical threat intel to identify targeted campaigns and proactively block indicators of compromise (IOCs).
Monitor for Anomalous Behaviour: Use behavioural analytics to detect unusual access patterns or data exfiltration attempts.
Non-functional requirements matter, but we often forget to validate them. You can measure them by setting up Fitness Functions.
Table of Contents
Just a second! 🫷 If you are here, it means that you are a software developer.
So, you know that storage, networking, and domain management have a cost .
If you want to support this blog, please ensure that you have disabled the adblocker for this site. I configured Google AdSense to show as few ADS as possible – I don’t want to bother you with lots of ads, but I still need to add some to pay for the resources for my site.
Thank you for your understanding. – Davide
Just creating an architecture is not enough; you should also make sure that the pieces of stuff you are building are, in the end, the once needed by your system.
Is your system fast enough? Is it passing all the security checks? What about testability, maintainability, and other -ilities?
Fitness Functions are components of the architecture that do not execute functional operations, but, using a set of tests and measurements, allow you to validate that the system respects all the non-functional requirements defined upfront.
Fitness Functions: because non-functional requirements matter
An architecture is made of two main categories of requirements: functional requirements and non-functional requirements.
Functional requirements are the most easy to define and to test: if one of the requirements is “a user with role Admin must be able to see all data”, then writing a suite of tests for this specific requirement is pretty straightforward.
Non-functional requirements are, for sure, as important as functional requirements, but are often overlooked or not detailed. “The system must be fast”: ok, how fast? What do you mean with “fast”? What is an acceptable value of “fast”?
If we don’t have a clear understanding of non-functional requirements, then it’s impossible to measure them.
And once we have defined a way to measure them, how can we ensure that we are meeting our expectations? Here’s where Fitness Functions come in handy.
In fact, Fitness Functions are specific components that focus on non-functional requirements, executing some calculations and providing metrics that help architects and developers ensure that the system’s architecture aligns with business goals, technical requirements, and other quality attributes.
Why Fitness Functions are crucial for future-proof architectures
When creating an architecture, you must think of the most important -ilities for that specific case. How can you ensure that the technical choices we made meet the expectations?
By being related to specific and measurable metrics, Fitness Functions provide a way to assess the architecture’s quality and performance, reducing the reliance on subjective opinions by using objective measurements. A metric can be a simple number (e.g., “maximum number of requests per second”), a percentage value (like “percentage of code covered by tests”) or other values that are still measurable.
Knowing how the system behaves in regards to these measures allows architects to work on the continuous improvement of the system: teams can identify areas for improvement and make decisions based not on personal opinion but on actual data to enhance the system.
Having a centralized place to view the historical values of a measure helps understanding if you have done progresses or, as time goes by, the quality has degraded.
Still talking about the historical values of the measures, having a clear understanding of what is the current status of such metrics can help in identifying potential issues early in the development process, allowing teams to address them before they become critical problems.
For example, by using Fitness Functions, you can ensure that the system is able to handle a certain amount of users per second: having proper measurements, you can identify which functionalities are less performant and, in case of high traffic, may bring the whole system down.
You are already using Fitness Functions, but you didn’t know
Fitness Functions sound like complex things to handle.
Even though you can create your own functions, most probably you are already using them without knowing it. Lots of tools are available out there that cover several metrics, and I’m sure you’ve already used some of them (or, at least, you’ve already heard of them).
Tools like SonarQube and NDepend use Fitness Functions to evaluate code quality based on metrics such as code complexity, duplication, and adherence to coding standards. Those metrics are calculated based on static analysis of the code, and teams can define thresholds under which a system can be at risk of losing maintainability. An example of metric related to code quality is Code Coverage: the higher, the better (even though 100% of code coverage does not guarantee your code is healthy).
Tools like JMeter or K6 help you measure system performance under various conditions: having a history of load testing results can help ensure that, as you add new functionalities to the system, the performance on some specific modules does not downgrade.
All in all, most of the Fitness Functions can be set to be part of CI/CD pipelines: for example, you can configure a CD pipeline to block the deployment of the code on a specific system if the load testing results of the new code are worse than the previous version. Or you could block a Pull Request if the code coverage percentage is getting lower.
Further readings
A good way to start experimenting with Load Testing is by running them locally. A nice open-source project is K6: you can install it on your local machine, define the load phases, and analyze the final result.
But, even if you don’t really care about load testing (maybe because your system is not expected to handle lots of users), I’m sure you still care about code quality and their tests. When using .NET, you can collect code coverage reports using Cobertura. Then, if you are using Azure DevOps, you may want to stop a Pull Request if the code coverage percentage has decreased.
Sometimes, there are things that we use every day, but we don’t know how to name them: Fitness Functions are one of them – and they are the foundation of future-proof software systems.
You can create your own Fitness Functions based on whatever you can (and need to) measure: from average page loading to star-rated customer satisfaction. In conjunction with a clear dashboard, you can provide a clear view of the history of such metrics.
I hope you enjoyed this article! Let’s keep in touch on LinkedIn, Twitter or BlueSky! 🤜🤛
A security researcher from Seqrite Labs has uncovered a malicious campaign targeting U.S. citizens as Tax Day approaches on April 15. Seqrite Labs has identified multiple phishing attacks leveraging tax-related themes as a vector for social engineering, aiming to exfiltrate user credentials and deploy malware. These campaigns predominantly utilize redirection techniques, such as phishing emails, and exploit malicious LNK files to further their objectives.
Each year, cybercriminals exploit the tax season as an opportunity to deploy various social engineering tactics to compromise sensitive personal and financial data. These adversaries craft highly deceptive campaigns designed to trick taxpayers into divulging confidential information, making fraudulent to counterfeit services, or inadvertently installing malicious payloads on their devices, thereby exposing them to identity theft and financial loss.
Infection Chain:
Fig 1: Infection chain
Initial analysis about campaign:
While tax-season phishing, attacks pose a risk to a broad spectrum of individuals, our analysis indicates that certain demographics are disproportionately vulnerable. Specifically, high-risk targets include individuals with limited knowledge of government tax processes, such as green card holders, small business owners, and new taxpayers.
Our findings reveal that threat actors are leveraging a sophisticated phishing technique in which they deliver files via email with deceptive extensions. One such example is a file named “104842599782-4.pdf.lnk,” which utilizes a malicious LNK extension. This tactic exploits user trust by masquerading as a legiti payments mate document, ultimately leading to the execution of malicious payloads upon interaction.
Decoy Document:
Threat actors are disseminating a transcript related to tax sessions, targeting individuals through email by sharing it as a malicious attachment. These cybercriminals are leveraging this document as a vector to deliver harmful payloads, thereby compromising the security of the recipients.
Fig 2: Decoy Document
Technical Analysis:
We have retrieved the LNK file, identified as “04842599782-4.pdf.lnk,” which was utilized in the attack. This LNK file embeds a Base64-encoded payload within its structure.
Fig 3: Inside LNK File
Upon decoding the string, we extracted a PowerShell command line that itself contains another Base64-encoded payload embedded within it.
Fig 4: Encoded PowerShell Command Line
Subsequently, upon decoding the nested Base64 string, we uncovered the final PowerShell command line embedded within the payload.
Fig 5: Decoded Command Line
The extracted PowerShell command line initiated the download of rev_pf2_yas.txt, which itself is a PowerShell script (Payload.ps1) containing yet another Base64-encoded payload embedded within it.
Fig 6: 2nd PowerShell command with Base64 Encoded
We have decoded the above Base64 encoded command line and get below final executable.
Fig 7: Decoded PowerShell Command
According to the PowerShell command line, the script Payload.ps1 (or rev_pf2_yas.txt) initiated the download of an additional file, revolaomt.rar, from the Command and Control (C2) server. This archive contained a malicious executable, named either Setup.exe or revolaomt.exe.
Detail analysis of Setup.exe / revolaomt.exe:
Fig 8: Detect it Easy
Upon detailed examination of the Setup.exe binary, it was identified as a PyInstaller-packaged Python executable. Subsequent extraction and decompilation revealed embedded Python bytecode artifacts, including DCTYKS.pyc and additional Python module components.
Fig 9: PyInstaller-packaged Python executableFig 10: In side DCTYKS.pyc
Upon analysis of the DCTYKS.pyc sample, it was determined that the file contains obfuscated or encrypted payload data, which is programmatically decrypted at runtime and subsequently executed, as illustrated in the figure above.
Fig 11: Encoded DCTYKS.pyc with Base64
Upon successful decryption of the script, it was observed that the sample embeds a Base64-encoded executable payload. The decrypted payload leverages process injection techniques to target mstsc.exe for execution. Further analysis of the second-stage payload revealed it to be a .NET-compiled binary.
Analysis 2nd Payload (Stealerium malware):
Fig 12: .NET Base Malware sample
The second-stage payload is identified as a .NET-based malware sample. Upon inspection of its class structures, methods, and overall functionality, the sample exhibits strong behavioural and structural similarities to the Stealerium malware family, specifically aligning with version 1.0.35.
Stealerium is an open-source information-stealing malware designed to exfiltrate sensitive data from web browsers, cryptocurrency wallets, and popular applications such as Discord, Steam, and Telegram. It performs extensive system reconnaissance by harvesting details including active processes, desktop screenshots, and available Wi-Fi network configurations. Additionally, the malware incorporates sophisticated anti-analysis mechanisms to identify execution within virtualized environments and detect the presence of debugging tools.
This AntiAnalysis class is part of malware designed to detect sandbox, virtual machines, emulators, suspicious processes, services, usernames, and more. It checks system attributes against blacklists fetched from online sources (github). If any suspicious environment is detected, it logs the finding and may trigger self-destruction. This helps the malware avoid analysis in controlled or security research setups.
Mutex Creation
Fig 16: Mutex Creation
This MutexControl class prevents multiple instances of the malware from running at the same time. It tries to create a system-wide mutex using a name from Config.Mutex (QT1bm11ocWPx). If the mutex already exists, it means another instance is running, so it exits the process. If an error occurs during this check, it logs the error and exits too.
Fig 17: Configuration of StringsCrypt.DecryptConfig
It configures necessary values by decrypting them with StringsCrypt.DecryptConfig. It handles the decryption of the server base URL and WebSocket address. If enabled, it also decodes cryptocurrency wallet addresses from Base64 and decrypts them using AES-256 encryption.
“hxxp://91.211.249.142:7816”
Radom Directory Creation
Fig 18: Random Directory Creation
The InitWorkDir() method generates a random subdirectory under %LOCALAPPDATA%, creates it if it doesn’t exist, and hides it for stealth purposes. This is likely used for storing data or maintaining persistence without detection.
\AppData\Local\e9d3e2dd2788c322ffd2c9defddf7728 random directory is created in hidden attribute.
BoT Registration
Fig 19: BOT Registration
The RegisterBot method initiates an HTTP POST request to register a bot instance, utilizing a unique hash identifier and an authorization token for authentication. It serializes the registration payload, appends the necessary HTTP headers, and logs the server response or any encountered exceptions. The method returns a boolean value—true upon successful execution, and false if an exception is raised during the process.
It extracts browser-related data (passwords, cookies, credit cards, history, bookmarks, autofill) from a given user data profile path.
FileZilla Credentials stealer activity
Fig 21: FileZilla Credential Stealer activity
The above code is part of a password-stealing component targeting FileZilla, an FTP client.
Gaming Platform Data Extraction Modules
Fig 22: Gaming platform data extraction
This component under bt.Stub.Target.Gaming is designed to collect data from the following platforms:
BattleNet
Minecraft
Steam
Uplay
Each class likely implements routines to extract user data, game configurations, or sensitive files for exfiltration.
Fig 23: Checks for a Minecraft installation
It checks for a Minecraft installation and creates a save directory to exfiltrate various data like mods, files, versions, logs, and screenshots. It conditionally captures logs and screenshots based on the Config.GrabberModule setting.
Messenger Data Stealer Modules
Itargets various communication platforms to extract user data or credentials from:
Discord
Element
ICQ
Outlook
Pidgin
Signal
Skype
Telegram
Tox
Below is one example of Outlook Credentials Harvesting
It targets specific registry keys associated with Outlook profiles to extract sensitive information like email addresses, server names, usernames, and passwords. It gathers data for multiple mail clients (SMTP, POP3, IMAP) and writes the collected information to a file (Outlook.txt).
Fig 24: Messenger Data Extraction
Webcam Screenshot Capture
Attempts to take a screenshot using a connected webcam, saving the image as a JPEG file. If only one camera is connected, it triggers a series of messages to capture the webcam image, which is then saved to the specified path (camera.jpg or a timestamped filename). The method is controlled by a configuration setting (Config.WebcamScreenshot).
Fig 25: Webcam Screen shot captures
Wi-Fi Password Retrieval
It retrieves the Wi-Fi password for a given network profile by running the command netsh wlan show profile and extracting the password from the output. The command uses findstr Key to filter the password, which is then split and trimmed to get the value
Fig 26: WI-FI Password Retrieval
VPN Data Extraction
It targets various VPN applications to exfiltrate sensitive information such as login credentials:
NordVpn
OpenVpn
ProtonVpn
For example, it extracts and saves NordVPN credentials from the user.config file found in NordVPN installation directories. It looks for “Username” and “Password” settings, decodes them, and writes them to a file (accounts.txt) in the specified savePath.
Fig 27: VPN Data Extraction
Porn Detection & Screenshot Capture
Fig 28: Porn Detection & Snapshot Captures.
It detects adult content by checking if the active window’s title contains specific keywords related to NSFW content (configured in Config.PornServices). If such content is detected, it triggers a screenshot capture.
Conclusion:
Based on our recent proactive threat analysis, we’ve identified that cybercriminals are actively targeting U.S. citizens around the tax filing period scheduled for April 15. These threat actors are leveraging the occasion to deploy Stealerium malware, using deceptive tactics to trick users.
Stealerium malware is designed to steal Personally Identifiable Information (PII) from infected devices and transmit it to attacker-controlled bots for further exploitation.
To safeguard your data and devices, we strongly recommend using Seqrite Endpoint Security, which provides advanced protection against such evolving threats.
Stay secure. Stay protected with Seqrite.
TTPS
Tactic
Technique ID
Name
Initial Access
T1566.001
Phishing: Spear phishing Attachment
Execution
T1059.001
Command and Scripting Interpreter: PowerShell
Evasion
T1140
Deobfuscate/Decode Files or Information
T1027
Obfuscated Files or Information
T1497
Virtualization/Sandbox Evasion
T1497.001
System Checks
Credential Access
T1555.003
Credentials from Password Stores: Credentials from Web Browsers
T1539
Steal Web Session Cookie
Discovery
T1217
Browser Information Discovery
T1016
System Network Configuration Discovery: Wi-Fi Discovery
Collection
T1113
Screen Capture
Exfiltration
T1567.004
Exfiltration Over Web Service: Exfiltration Over Webhook
Many of you will know that every man and his dog are producing AI products or LLM’s and integrating them with their products. Not surprisingly AWS — the biggest cloud services provider — is also getting in on the act.
What is bedrock?
Its AI offering is called Bedrock and the following blurb from it’s website describes what Bedrock is.
Amazon Bedrock is a fully managed service that offers a choice of high-performing foundation models (FMs) from leading AI companies like AI21 Labs, Anthropic, Cohere, Meta, Stability AI, and Amazon via a single API, along with a broad set of capabilities you need to build generative AI applications, simplifying development while maintaining privacy and security. With Amazon Bedrock’s comprehensive capabilities, you can easily experiment with a variety of top FMs, privately customize them with your data using techniques such as fine-tuning and retrieval augmented generation (RAG), and create managed agents that execute complex business tasks — from booking travel and processing insurance claims to creating ad campaigns and managing inventory — all without writing any code. Since Amazon Bedrock is serverless, you don’t have to manage any infrastructure, and you can securely integrate and deploy generative AI…
Millions of articles extolling the advantages of remote work. It can be found online, but what about the less glamorous aspects of working from home? While obtaining remote employment has its benefits, there are a few things you may want to put into a statement before submitting your application if this is your first-time job search and applying for a remote position.
Being alone when working remotely
The days, weeks, and months might quickly start to seem lonely, although working remotely from home may seem like an introvert’s dream. Depending on the demands of your remote employees, you can go days without speaking to anyone, and when you do, it’s frequently over video chat or messaging software. By allowing their employees to socialise online or in person whenever possible, good remote employers will attempt to create a community among their staff.
It requires more effort to communicate
It’s simple to approach a coworker across the room or drop by their office in an office setting to discuss a project. It takes work to communicate as a remote team and includes job search. It’s far simpler for ideas to get lost in translation when you can’t share them in person and groups can span multiple time zones. Indeed, platforms and Slack make remote discussions more manageable. Setting your online status is as important as remembering to send a follow-up email or participate in a group chat when efficiently engaging with a remote team.
The Work of Your Remote Employer May Cross Many Time Zones
Working in a remote team requires becoming acclimated to communicating with individuals. Even if it’s simple to do this online, you still need to account for everyone’s time zone and national holidays. It may be necessary to compromise on your work schedule or schedule meetings at odd hours while working remotely with a large international team. It might not be for you to work remotely as part of a global team across time zones if you prefer a set 9 to 5 and demand constant access to all of your coworkers at RemoteHub. Using world clock apps is a simple approach to monitoring time in several time zones.
You might not receive payment in your home currency
Employers get to choose from among the people on the planet, which is one benefit of using a remote workforce. You might have to get used to receiving your pay in a different currency if you’re one of those remote workers. Every employer has a different pay structure. Some online firms will deposit money into your bank account immediately, while others may use a third-party payment system.
A Quality Remote Setup Can Be Expensive
You don’t fully understand how profitable it is to have office supplies like printers, stationery, ergonomic chairs, and standing desks until you leave an office setting. Most small companies expect you to have access to the tools you need to execute your job, while others will provide you with a budget to set up a remote home office. In addition to small items like pencils and paper, collect a desk, an ergonomic chair, a computer, a second monitor, a printer, headphones, a camera, and a quick internet connection.
I’m putting Better Programming on hiatus to make room for other programming publications.
I get that this is a big pivot given that we switched to a new editor recently. But things are changing at Medium and I think this will ultimately be a boon for everyone, authors, readers and publications.
I would like to inspire some (but not all) of you to start a publication and give you some guidelines on how to do it well. If you are an author, there are many other publications to write for and hopefully there will soon be even more (check the comments for suggestions).
Medium has always had publications that acted as something in between a group blog and a sub-reddit. Publication editors help set a quality bar, give feedback on your posts, and bring you an audience. Publications are a pillar of the Medium experience.
But the publication opportunities that (I think) are exciting are changing. In the past, the way to have a successful publication was to publish on anything and everything. So Medium was dominated by broad, high volume publications. Better Programming was one of those pubs and we published on topics that might not have a lot of overlapping readers. How many of you are currently programming in all of these languages: Go, Rust, Javascript, Ruby, Python, Swift, Kotlin, and Dart?
Better Programming has published stories on all of those topics and more, and so by definition we were often publishing stories that a lot of you don’t want to read. The direction Medium is heading is to optimize for publications that are more focused than Better Programming has been.
There are two types of focuses that I’m personally excited about. One is that publications are de facto communities of enthusiasts. The other is that publications bring a level of expertise to Medium’s boost program. Caveat: these are just what I’m excited about — maybe you have more creative ideas than I do.
Both cases beg for publications that are focused.
If you want to build an enthusiast community of people who love Kotlin, who want to write about their Kotlin projects and what they are learning, then you don’t also need authors in your publication who are writing about Swift.
Similarly, Medium is leaning on the expertise of publication editors to contribute as nominators in the Boost program. It’s hard to bring credible expertise when your focus is too broad. Most nominators also have first hand expertise beyond what they publish. So, if I were to run Better Programming myself, I think I could credibly nominate within Rails (I’ve built several companies on that stack) and Regular Expressions (I wrote a book), but I’m clueless on nearly everything else.
Running a publication isn’t for everyone and it isn’t a get-rich-quick scheme. The best publications are run out of authentic interest in a topic and nothing more. In technical topics, there can be some financial rewards, which I’ll get to. But mainly it’s best to think of this as a way to harness a passion you may have. I know that the community building impulse is strong in many of you because I’ve seen how many people have started publications on Medium over the years.
For any of you who are interested, I’m going to give you some tips on starting a publication. These aren’t exactly a recipe, but I’ll try to arrange them in order.
Pubs are easy to start and at minimum you have yourself as a possible author to fill the pub with stories. Here’s a link to get going.
If you want to accept other authors then you need to setup instructions. Almost all publications that accept other authors setup a “write for us” page with instructions, make it a tab on the publication, write a style guide, and then create a Google form to handle new author applications. Copy ours.
Do you want to focus on inclusivity? If so, then your role is probably more about support and encouragement and less about setting a high editorial bar. People get squeamish about being judged but the thing I’ve long recognized is that all writing was useful to the writer and is often useful to at least a few people, but very little writing is going to trend on Reddit or HackerNews.
Do you want to focus on exclusivity, i.e. finding the best of the best ideas and information on a topic? Medium’s Boost program gives publication editors a tool to recruit authors: “I can help boost your stories to more readers.” You can’t just boost anything, it has to be the best of the best. And so focusing on that is a very exclusive approach. I often think of a publication here about Runners where the editor is using his access to the Boost to work with professional running coaches, professional runners, and the former editor-in-chief of Runners World. That must be so fun for him! The programming equivalent is different for each programming languange so I’ll use an example from the language I got started in: if I started a publication for Perl, I’d use the boost as a way to recruit Larry Wall.
Consider becoming a Boost nominator but also consider that doing that will require having a strong nose for the best of the best. Of course every story on Medium is “high quality” but there are certain stories that are important, accurate, helpful and maybe even more than that. This isn’t official policy, but unofficially, it would be reasonable to submit an application to be a Boost Nominator once you have a publication with three authors and ten stories.
Getting a publication started requires recruiting authors. Hopefully you know some already, even if they aren’t on Medium. I think that if you don’t know a subject well enough that you also already know other people with similar enthusiasm and expertise in that subject, then starting a publication isn’t for you. That’s not a hard rule, but I’m saying it from experience. After recruiting from your own network, the way almost every other publication has recruited authors is by monitoring relevant tags on Medium and then using the private note feature to invite recently published stories into your publication.
Lets talk money. If you are a publication that Boosts stories you will get paid an honorarium. Plus if you build an audience, your own stories might make more money. But, you are missing the big picture if this is the most important thing to you. Writing and editing is a form of portfolio building. The software engineering field pays so much money, way beyond what Medium pays for writing. So focusing on getting paid from Medium is the ultimate example of a local maxima because the you can make 1000x more by building a reputation and using it to get a job or raise. This is just fact.
If you do start a programming publication that is looking for authors or you’ve already started a programming publication like that, post a link in the responses along with a link to your submission guidelines.
Authors: I looked up Better Programming’s stats. 4.6k authors have published 16.8k stories to Better Programming. Those stories generated 151M page views. Not all of them were behind the paywall, but the ones that were earned authors $999 thousand dollars. It’s been a huge honor to play a role in that and my thanks go out to the editors who’ve made it happen and to all of you for writing. Medium is still a great home for you, it’s just that you should find new places to publish.
Cryptocurrency has exploded in popularity in recent years, with Bitcoin and Ethereum leading the charge. As a result, many businesses have taken notice and are now looking to get involved in the market. One of the first things you need to do is optimize your website for cryptocurrency SEO.
Here are four strategies for doing just that.
1. Build a strong title tag
Your title tag is the first thing people see when they visit your website. Make sure it’s descriptive and keyword rich, so you can rank well for relevant keywords.
2. Optimize your meta data
Metadata is information about your website that search engines use to determine how to display your page in their results pages. Including relevant keywords in your title, description, and h1 tags will help boost your ranking.
3. Add alt tags and images
Adding alt tags and images to your content can help improve click-through rates (CTRs) and SERP visibility. Plus, it can add an extra layer of protection against Googlebot stealing your content.
4. Monitor traffic trends and make adjustments accordingly
Keep track of monthly traffic trends so you can make changes to your website strategy as needed. If you see a drop in traffic, for example, you may need to adjust your SEO tactics accordingly.
What is Cryptocurrency SEO?
Cryptocurrency SEO is an ever-growing field that employs a variety of strategies in order to optimize a website for search engine results. One of the most important aspects of cryptocurrency SEO is creating SEO targeted content that is both informative and engaging, as this will help draw in potential investors and customers.
Here are some pointers for cryptocurrency SEO-optimizing your website:
1. Write Quality Articles:
One of the most important aspects of cryptocurrency SEO is writing quality content that is both informative and engaging. This will help draw in potential investors and customers.
2. Publish Regularly:
It is important to publish regular content on your website in order to keep it top of mind for search engine results.
3. Include keyword rich titles and descriptions:
When writing your content, make sure to include keyword rich titles and descriptions in order to improve your site’s visibility for cryptocurrency SEO purposes.
4. Optimize Images for Ranking:
In order to improve your website’s rankings for cryptocurrency SEO, ensure that all images are optimized for ranking. This includes uploading high-quality images, using alt tags, and adding keywords throughout the image files.
5. Use In-Page SEO Opportunities:
In addition to optimizing images, make sure to take advantage of in-page SEO opportunities such as keyword placement in header tags, meta descriptions, and title tags. However, if you are having trouble on-page optimising your website and want to set your website apart from the rest of your competitors, then Incrementors New Jersey on-page seo services can assist you in website optimization and can raise the ranking of your website in Google.
6. Research Your Competitors:
It is important to research your competitors in order to learn what works best for them and how you can improve upon it. This will help you stay ahead of the competition and attract more investors and customers.
How does cryptocurrency SEO work?
Cryptocurrency SEO is all about getting your website ranked higher in search engine results pages (SERPs) for keywords related to cryptocurrencies. There are a number of strategies you can employ to optimize your website for these keywords, including using keyword research tools and Google AdWords guidelines.
To get started, you’ll need to understand the basics of cryptocurrency SEO: what keywords to target, how to rank for those keywords, and which advertising channels work best. Once you have a good understanding of the basics, it’s time to start optimizing your website.
One of the most important aspects of cryptocurrency SEO is keyword research. You must identify specific keywords that potential cryptocurrency customers are likely to be searching for. To do this, you’ll need to use keyword analysis tools like Google Trends or Moz Pro. Once you have a list of targeted keywords, it’s time to start developing your strategy for ranking for them.
There are a number of ways to rank higher in SERPs for cryptocurrency-related keywords: through organic search results, paid search campaigns, or social media optimization. It’s important to choose the strategy that works best for your website and campaign goals; some methods may be more effective than others depending on your site’s content and audience.
Once you’ve selected a strategy and implemented it on your website, it’s important to monitor results carefully and make adjustments as needed. Cryptocurrency SEO is an ongoing process; constant tweaks are necessary in order to maintain top rankings and maximize ROI.
What are the benefits of cryptocurrency SEO?
Cryptocurrency SEO can be a great way to improve your website’s organic search engine ranking. Many people are interested in cryptocurrencies and may be searching for information about them on Google. Optimizing your website for cryptocurrency SEO can help increase traffic and leads from these searches.
There are many different ways to optimize your website for cryptocurrency SEO, so it’s important to choose the strategy that will work best for you and your website. Some common strategies include using relevant keywords, creating quality content, and optimizing your site for mobile devices.
Using relevant keywords is the most important aspect of cryptocurrency SEO. Make sure to include keywords in the titles of your articles, in the tags used on your posts, and in the name of your website. Try to use keywords that people would actually search for when looking for information about cryptocurrencies.
Quality content is also important when optimizing your website for cryptocurrency SEO. Make sure that all of the content on your site is high-quality and relevant to potential customers. In addition, make sure that all of the images used on your site are properly tagged and optimized for SEO purposes.
Finally, check to see if your website is mobile-friendly. Mobile users tend to be more likely than desktop users to look for information about cryptocurrencies online. If you have a mobile version of your website, make sure that it’s properly designed and optimized for mobile viewing.
How do you identify the best keywords for your website?
There are a few different ways to identify the best keywords for your website.
Use Google AdWords Keyword Planner: This tool will show you how many people are searching for specific keywords and what their competition is. It also allows you to see trends over time, so you can adjust your campaigns accordingly.
Use Google Trends: Search interest in a keyword over time can give you an idea of which keywords are becoming more popular. However, be aware that this data changes frequently, so it’s always worth checking back regularly.
Conduct Your Own Research: Not all keywords will be related to your business, so it’s important to research which ones might be the most relevant to your niche. You can use online tools like SEMrush or Ahrefs to find related keywords and analyze their competition.
While there aren’t surefire tips for finding the best keywords for your website, these three strategies should help you get started.
What other factors should you consider when optimizing your website for cryptocurrency SEO?
There are a few other factors you should consider when optimizing your website for cryptocurrency SEO. First, make sure your site is well-organized and easy to navigate. Make sure all of your content is easily accessible and search engine friendly. Also, make sure all of your site’s links are optimized properly. Finally, make sure your site features an engaging and user-friendly design that will draw in cryptocurrency investors.
Conclusion
Cryptocurrency SEO is a growing field and with good reason – it can help your website rank higher in google search results for specific keywords. However, like any form of marketing, cryptocurrency SEO requires some planning and knowledge in order to be successful. In this article, I’ll outline the basics of cryptocurrency SEO so that you can start optimizing your website today!
