Police collect evidence at the site of a shooting on early Friday in the city of Basel, north-west Switzerland. AFP photo

Two men shot dead two people and seriously injured a third on Thursday at a cafe in Basel, north-west Switzerland, police said as they hunt for the suspects.

“Two men came into Cafe 56” around 8:15 pm local time (1915 GMT) “and fired several rounds of shots,” police said in a statement, without providing information on a possible motive. “Two customers were killed. Another is in a critical condition.”

The assailants were on the run following the shooting, according to police, who said they had headed in the direction of the railway station after the attack.

“The reason behind the attack is not yet known and will be investigated,” the Basel prosecutor’s office said in a statement. Police have asked anyone with information regarding the incident to come forward.

The road next to the cafe has been cordoned off and traffic redirected. A bullet hole was visible in one of the windows of the establishment, a small cafe in a residential neighbourhood. An AFP photographer at the scene saw police dressed in white forensic garb collecting evidence at the site.

“Cafe 56 doesn’t have a bad reputation,” a neighbourhood resident told local newspaper Basler Zeitung. “It was previously an establishment known for its links to the drug world, but since the owner changed several years ago it became an ordinary cafe,” the paper quoted another resident as saying.

Gun crime is infrequent in Switzerland, even though the country has one of the highest rates of firearm ownership in the world. Citizens are allowed to keep their army-issue weapons at home outside periods of mandatory military service. This right has been controversial as sometimes weapons are used at home in domestic incidents. The number of weapons held at home is believed to be two million for a population of eight million, according to Swiss press.

In January, a man clad in military clothing shot and injured two police officers as they searched his home in northeast Switzerland for a suspected cannabis plantation. The gunman fled but was eventually cornered and, after a standoff lasting several hours which included negotiations over the telephone, he shot himself dead. Police searching his home found gun publications.
On 31st July 2018, Eric Holmes, a security researcher, gained access to Homebrew’s GitHub repositories with surprising ease (he documents his experience in an in-depth Medium post). Homebrew is a free and open-source software package management system that simplifies installing software on macOS, with well-known packages such as node, git, and many more. The credential he found carried recently elevated scopes: Eric gained git push access to Homebrew/brew and Homebrew/homebrew-core, and was able to make his first commit to Homebrew’s GitHub repo within 30 minutes.

Attack = higher chances of obtaining user credentials

After gaining easy access to Homebrew’s GitHub repositories, Eric’s first aim was to uncover user credentials belonging to members of the Homebrew GitHub org. For this he used gitrob, an OSINT tool by Michael Henriksen that automates the credential search. However, he could not find anything interesting. Next, he explored Homebrew’s previously disclosed issues on https://hackerone.com/Homebrew, which led him to the observation that Homebrew runs a Jenkins instance that is (intentionally) publicly exposed at https://jenkins.brew.sh. Digging further, Eric found that the builds in the “Homebrew Bottles” project were making authenticated pushes to the BrewTestBot/homebrew-core repo, which led him to an exposed GitHub API token. The token granted commit access to these core Homebrew repos:

- Homebrew/brew
- Homebrew/homebrew-core
- Homebrew/formulae.brew.sh

Eric stated in his post, “If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formulae, placing a backdoor on any machine that installed it.” Via such a backdoor, intruders could have gained access to the private networks of companies that use Homebrew, which could lead to a data breach on a large scale. Eric reported the issue to Homebrew developer Mike McQuaid.
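As an added illustration (not code from Eric’s post or from the Homebrew project), the following Python scanner flags GitHub tokens that leak through CI console output, the path the incident above turned on, and masks them the way the sanitising step in Homebrew’s remediation is meant to. The log lines, token values, the ci-bot user and the example-org repository are all constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample of CI console output (not real Homebrew or Jenkins output).
# It shows two common ways a token lands in a build log: a verbose git push
# echoing an authenticated remote URL, and a dumped environment variable.
SAMPLE_LOG = """\
[Pipeline] sh
+ git push https://ci-bot:ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ab@github.com/example-org/example-core.git HEAD:master
To https://github.com/example-org/example-core.git
   1a2b3c4..5d6e7f8  HEAD -> master
+ env
GITHUB_API_TOKEN=0123456789abcdef0123456789abcdef01234567
PATH=/usr/local/bin:/usr/bin
"""

# Detection patterns. Group 1, when present, isolates the secret itself.
PATTERNS = {
    # Prefixed GitHub tokens: ghp_ (personal), gho_ (OAuth), ghs_/ghu_ (app), ghr_ (refresh)
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    # Legacy 40-hex GitHub token assigned to a key whose name contains 'token'
    "legacy_token": re.compile(r'(?i)token["\'=:\s]+([0-9a-f]{40})\b'),
    # user:secret@ credential embedded in an https remote URL
    "url_credential": re.compile(r"https?://[^/\s:@]+:([^@\s/]+)@"),
}

@dataclass
class Finding:
    line_no: int
    kind: str
    secret: str

def find_secrets(log_text: str) -> list[Finding]:
    """Return one Finding per distinct secret per line, in log order."""
    findings, seen = [], set()
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                if (line_no, secret) not in seen:  # the push URL hits two patterns
                    seen.add((line_no, secret))
                    findings.append(Finding(line_no, kind, secret))
    return findings

def redact(log_text: str) -> str:
    """Mask every detected secret so the log can be stored or shared safely."""
    for f in find_secrets(log_text):
        log_text = log_text.replace(f.secret, "****")
    return log_text
```

Running `find_secrets(SAMPLE_LOG)` reports the token on the push line and the one in the environment dump; `redact` leaves the rest of the log intact, including the unauthenticated remote URL.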
Following this, he publicly disclosed the issue on the blog at https://brew.sh/2018/08/05/security-incident-disclosure/. Within a few hours the credentials had been revoked, replaced and sanitised within Jenkins so they would not be revealed in future. Homebrew/brew and Homebrew/homebrew-core were updated so that non-administrators on those repositories cannot push directly to master. The Homebrew team worked with GitHub to audit the token’s use and confirm that it had not been used maliciously and had not made any unexpected commits to the core Homebrew repos.

As an ethical hacker, Eric reported the vulnerabilities he found to the Homebrew team and did no harm to the repository itself. But not all projects may have such happy endings.

How can one safeguard their systems from supply chain attacks?

The precautions Eric Holmes took were commendable: he informed the Homebrew developer. However, not every hacker has good intentions, and it is an organization’s responsibility to keep a check on all the supply chains associated with it.

Keeping a check on all the libraries

One should not allow random libraries into the supply chain. It is difficult to partition libraries from an organization’s custom code, so both run with the same privileges, putting the company’s security at risk. One should set policies around the code the company is willing to allow: only projects with high popularity, active committers, and evidence of process should be admitted.

Establishing guidelines

Each company should create guidelines for the secure use of the libraries it selects. This starts with defining up front what each library is expected to be used for. Developers should also be given detailed instructions on safely installing, configuring, and using each library within their code, including identifying dangerous methods and how to use them safely.
Thorough vigilance over the inventory

Every organization should keep a check on its inventory to know which open source libraries it is using. It should also set up a notification system that keeps it abreast of new vulnerabilities affecting its applications and servers.

Protection during runtime

Organizations should also make use of runtime application self-protection (RASP) to prevent both known and unknown library vulnerabilities from being exploited. If new vulnerabilities come to light, the RASP infrastructure lets one respond in minutes.

The software supply chain is an important part of creating and deploying applications quickly, so one should take complete care to avoid any misuse via this channel. Read the detailed story of Homebrew’s attack escape on its blog post and Eric’s firsthand account of how he went about planning the attack and the motivation behind it on his Medium post.