AmbiguousProps

I do some freelance on the side and it's getting kind of difficult to properly track my billable hours. Is there an invoice system that I can track them with, along with generating invoices?

Thanks!

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.

"Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report.

"Once accessed, attackers can leverage the COPY ... FROM PROGRAM SQL command to execute arbitrary shell commands on the host, allowing them to perform malicious activities such as data theft or deploying malware."

The attack chain observed by the cloud security firm entails targeting misconfigured PostgreSQL databases to create an administrator role in Postgres and exploiting a feature called PROGRAM to run shell commands.

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.

"The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and installed," Patchstack's Rafie Muhammad said in a Wednesday report.

The vulnerability, tracked as CVE-2024-28000 (CVSS score: 9.8), has been patched in version 6.4 of the plugin released on August 13, 2024. It impacts all versions of the plugin, including and prior to 6.3.0.1.

LiteSpeed Cache is one of the most widely used caching plugins in WordPress with over five million active installations.

Things are changing at Ford. Again. Apparently, and perhaps understandably, fed up with the lack of profits from electric vehicles despite becoming America's second-best-selling EV brand behind Tesla, the Dearborn automaker is retooling its electrified roadmap.

A three-row electric SUV is out, a hybrid three-row SUV is in, and a truck that seems like an F-150 Lightning replacement has been pushed back to 2027.

But one of the most interesting details in Ford's strategy announcement today deals with the secretive "skunkworks" project based in California: the first vehicle on a new, lower-cost EV platform will be a midsize pickup truck, not a compact one as many—including us—had assumed. 

Tesla is issuing a new recall for more than 9,000 of its Model X SUVs due to roof cosmetic trim pieces that could fly off while driving because they may have been adhered without primer. It’s the second such recall from the company to address the issue on the Model X, the first one issued in 2020, and it is again specific to early 2016 vehicle models.

Tesla often pushes software updates to address recalls, including a repeat Autopilot safety issue where it does not warn drivers effectively. But for the Model X roof issue, Tesla will need to actually take a gander at thousands of vehicles in person.

To remedy the Model X voluntary recall, Tesla Service will “test the roof trim adhesion and reattach the trim pieces as necessary” for free.

Ford has written off $1.9bn as it cancelled plans for an all-electric large SUV in the US, opting to produce a hybrid version instead in the latest sign of western carmakers struggling to make profitable electric cars.

The US carmaker said on Wednesday that it would not be able to reach a profit on the electric SUV within a year, its measure of whether a new car is viable, citing the stiff competition from Chinese manufacturers. It will initially write off the cost of $400m (£300m) in tooling for the vehicle, plus another $1.5bn (£1.15bn) in extra costs in the future.

Ford also said it would delay the successor to its F-150 Lightning electric pickup truck until 2027, after initially targeting a launch next year.

Back in 2013, Nvidia introduced a new technology called G-Sync to eliminate screen tearing and stuttering effects and reduce input lag when playing PC games. The company accomplished this by tying your display's refresh rate to the actual frame rate of the game you were playing, and similar variable refresh-rate (VRR) technology has become a mainstay even in budget monitors and TVs today.

The issue for Nvidia is that G-Sync isn't what has been driving most of that adoption. G-Sync has always required extra dedicated hardware inside of displays, increasing the costs for both users and monitor manufacturers. The VRR technology in most low-end to mid-range screens these days is usually some version of the royalty-free AMD FreeSync or the similar VESA Adaptive-Sync standard, both of which provide G-Sync's most important features without requiring extra hardware. Nvidia more or less acknowledged that the free-to-use, cheap-to-implement VRR technologies had won in 2019 when it announced its "G-Sync Compatible" certification tier for FreeSync monitors. The list of G-Sync Compatible screens now vastly outnumbers the list of G-Sync and G-Sync Ultimate screens.

AutoGuide reported today that Subaru has trademarked the “e-Outback” moniker in Japan. The trademark application was filed in early August and published today. Rumors of a hybrid Outback have been running wild among Redditors for months but Subaru has yet to confirm anything on those lines.

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.

The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue.

The plugin is "vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter," Wordfence said in a report this week.

Voters in Montana will decide in November whether to enshrine a right to abortion in the state Constitution, joining eight other states with similar citizen-sponsored questions on their ballots.

Montana’s secretary of state sent an email late Tuesday to the coalition of abortion rights groups sponsoring the measure, certifying that they had collected enough valid signatures to place it on the ballot. The coalition had submitted more than 117,000 signatures, nearly double the 60,039 required and the most submitted for a ballot measure in Montana history.

And in Arizona — which, like Montana, was facing a Thursday deadline to certify its ballots — the state’s Supreme Court rejected an appeal late Tuesday from anti-abortion groups trying to strike a similar measure that the secretary of state there had approved last week. The justices, all appointed by Republicans, said that their decision did not signal support for the measure, only that they did not agree with the technical objection raised by the anti-abortion groups about the language used on ballot petitions.

Puerto Rico activated the National Guard and canceled the start of classes in public schools as forecasters warned that the U.S. territory would be hit by Tropical Storm Ernesto, which formed in the Atlantic Ocean on Monday.

Tropical storm warnings were in effect for Puerto Rico, Vieques, Culebra, the U.S. and British Virgin Islands, Antigua, Barbuda, Anguilla, St. Kitts, Nevis, Montserrat, Guadeloupe, St. Martin, St. Barts and St. Maarten.

Officials in the French Caribbean said the storm was expected to drench Guadeloupe on Monday and pass near St. Barts and St. Martin. The National Hurricane Center said Ernesto is forecast to move over or near Puerto Rico and the U.S. and British Virgin Islands on Tuesday evening.

Arizona voters will get to decide in November whether to add the right to an abortion to the state constitution.

The Arizona secretary of state’s office said Monday that it had certified 577,971 signatures — far above the required number that the coalition supporting the ballot measure had to submit in order to put the question before voters.

The coalition, Arizona for Abortion Access, said it is the most signatures validated for a citizens initiative in state history.