Found 88 repositories (showing 30)
Mario-Kart-Felix
2020 was a roller coaster of major, world-shaking events. We all couldn't wait for the year to end. But just as 2020 was about to close, it pulled another fast one on us: the SolarWinds hack, one of the biggest cybersecurity breaches of the 21st century. The SolarWinds hack was a major event not because a single company was breached, but because it triggered a much larger supply chain incident that affected thousands of organizations, including the U.S. government. What is SolarWinds? SolarWinds is a major software company based in Tulsa, Okla., which provides system management tools for network and infrastructure monitoring, and other technical services to hundreds of thousands of organizations around the world. Among the company's products is an IT performance monitoring system called Orion. As an IT monitoring system, SolarWinds Orion has privileged access to IT systems to obtain log and system performance data. It is that privileged position and its wide deployment that made SolarWinds a lucrative and attractive target. What is the SolarWinds hack? The SolarWinds hack is the commonly used term to refer to the supply chain breach that involved the SolarWinds Orion system. In this hack, suspected nation-state hackers that have been identified as a group known as Nobelium by Microsoft -- and often simply referred to as the SolarWinds Hackers by other researchers -- gained access to the networks, systems and data of thousands of SolarWinds customers. The breadth of the hack is unprecedented and one of the largest, if not the largest, of its kind ever recorded. More than 30,000 public and private organizations -- including local, state and federal agencies -- use the Orion network management system to manage their IT resources. As a result, the hack compromised the data, networks and systems of thousands when SolarWinds inadvertently delivered the backdoor malware as an update to the Orion software. SolarWinds customers weren't the only ones affected. 
Because the hack exposed the inner workings of Orion users, the hackers could potentially gain access to the data and networks of their customers and partners as well -- enabling affected victims to grow exponentially from there. Orion Platform hack compromised networks of thousands of SolarWinds customers Hackers compromised a digitally signed SolarWinds Orion network monitoring component, opening a backdoor into the networks of thousands of SolarWinds government and enterprise customers. How did the SolarWinds hack happen? The hackers used a method known as a supply chain attack to insert malicious code into the Orion system. A supply chain attack works by targeting a third party with access to an organization's systems rather than trying to hack the networks directly. The third-party software, in this case the SolarWinds Orion Platform, creates a backdoor through which hackers can access and impersonate users and accounts of victim organizations. The malware could also access system files and blend in with legitimate SolarWinds activity without detection, even by antivirus software. SolarWinds was a perfect target for this kind of supply chain attack. Because their Orion software is used by many multinational companies and government agencies, all the hackers had to do was install the malicious code into a new batch of software distributed by SolarWinds as an update or patch. The SolarWinds hack timeline Here is a timeline of the SolarWinds hack: September 2019. Threat actors gain unauthorized access to SolarWinds network October 2019. Threat actors test initial code injection into Orion Feb. 20, 2020. Malicious code known as Sunburst injected into Orion March 26, 2020. SolarWinds unknowingly starts sending out Orion software updates with hacked code According to a U.S. Department of Homeland Security advisory, the affected versions of SolarWinds Orion are 2019.4 through 2020.2.1 HF1. 
More than 18,000 SolarWinds customers installed the malicious updates, with the malware spreading undetected. Through this code, hackers accessed SolarWinds's customer information technology systems, which they could then use to install even more malware to spy on other companies and organizations. Who was affected? According to reports, the malware affected many companies and organizations. Even government departments such as Homeland Security, State, Commerce and Treasury were affected, as there was evidence that emails were missing from their systems. Private companies such as FireEye, Microsoft, Intel, Cisco and Deloitte also suffered from this attack. The breach was first detected by cybersecurity company FireEye. The company confirmed they had been infected with the malware when they saw the infection in customer systems. FireEye labeled the SolarWinds hack "UNC2452" and identified the backdoor used to gain access to its systems through SolarWinds as "Sunburst." Microsoft also confirmed that it found signs of the malware in its systems, as the breach was affecting its customers as well. Reports indicated Microsoft's own systems were being used to further the hacking attack, but Microsoft denied this claim to news agencies. Later, the company worked with FireEye and GoDaddy to block and isolate versions of Orion known to contain the malware to cut off hackers from customers' systems. They did so by turning the domain used by the backdoor malware used in Orion as part of the SolarWinds hack into a kill switch. The kill switch here served as a mechanism to prevent Sunburst from operating further. Nonetheless, even with the kill switch in place, the hack is still ongoing. Investigators have a lot of data to look through, as many companies using the Orion software aren't yet sure if they are free from the backdoor malware. It will take a long time before the full impact of the hack is known. Why did it take so long to detect the SolarWinds attack? 
With attackers having first gained access to the SolarWinds systems in September 2019 and the attack not being publicly discovered or reported until December 2020, attackers may well have had 14 or more months of unfettered access. The time it takes between when an attacker is able to gain access and the time an attack is actually discovered is often referred to as dwell time. According to a report released in January 2020 by security firm CrowdStrike, the average dwell time in 2019 was 95 days. Given that it took well over a year from the time the attackers first entered the SolarWinds network until the breach was discovered, the dwell time in the attack exceeded the average. The question of why it took so long to detect the SolarWinds attack has a lot to do with the sophistication of the Sunburst code and the hackers that executed the attack. "Analysis suggests that by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by both SolarWinds, other private companies, and the federal government," SolarWinds said in its analysis of the attack. FireEye, which was the first firm to publicly report the attack, conducted its own analysis of the SolarWinds attack. In its report, FireEye described in detail the complex series of actions that the attackers took to mask their tracks. Even before Sunburst attempts to connect out to its command-and-control server, the malware executes a number of checks to make sure no antimalware or forensic analysis tools are running. What was the purpose of the hack? The purpose of the hack remains largely unknown. Still, there are many reasons hackers would want to get into an organization's system, including having access to future product plans or employee and customer information held for ransom. It is also not yet clear what information, if any, hackers stole from government agencies. 
But the level of access appears to be deep and broad. There are speculations that many enterprises might be collateral damage, as the main focus of the attack was government agencies that make use of the SolarWinds IT management systems. Who was responsible for the hack? Federal investigators and cybersecurity agents believe a Russian espionage operation -- most likely Russia's Foreign Intelligence Service -- is behind the SolarWinds attack. The Russian government has denied any involvement in the attack, releasing a statement that said, "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and understanding of interstate relations." They also added that "Russia does not conduct offensive operations in the cyber domain." Contrary to experts in his administration, then-President Donald Trump hinted at around the time of the discovery of the SolarWinds hack that Chinese hackers might be behind the cybersecurity attack. However, he did not present any evidence to back up his claim. Shortly after his inauguration, President Joe Biden vowed that his administration intended to hold Russia accountable, through the launch of a full-scale intelligence assessment and review of the SolarWinds attack and those behind it. The president also created the position of deputy national security adviser for cybersecurity as part of the National Security Council. The role, held by veteran intelligence operative Anne Neuberger, is part of an overall bid by the Biden administration to refresh the federal government's approach to cybersecurity and better respond to nation-state actors. Naming the attack: What is Solorigate, Sunburst and Nobelium? The SolarWinds attack has a number of different names associated with it. While the attack is often referred to simply as the SolarWinds attack, that isn't the only name to know. Sunburst. 
This is the name of the actual malicious code injection that was planted by hackers into the SolarWinds Orion IT monitoring system code. Both SolarWinds and CrowdStrike generally refer to the attack as Sunburst. Solorigate. Microsoft initially dubbed the actual threat actor group behind the SolarWinds attack as Solorigate. It's a name that stuck and was adopted by other researchers as well as media. Nobelium. In March 2021, Microsoft decided that the primary designation for the threat actor behind the SolarWinds attack should actually be Nobelium -- the idea being that the group is active against multiple victims -- not just SolarWinds -- and uses more malware than just Sunburst. The China connection to the SolarWinds attack While it is suspected that the initial Sunburst code and the attack against SolarWinds and its users came from a threat actor based in Russia, other nation-state threat actors have also used SolarWinds in attacks. According to a Reuters report, suspected nation-state hackers based in China exploited SolarWinds during the same period of time the Sunburst attack occurred. The suspected China-based threat actors targeted the National Finance Center, which is a payroll agency within the U.S. Department of Agriculture. It is suspected that the China-based attackers did not use Sunburst, but rather a different malware that SolarWinds identifies as Supernova. Why is the SolarWinds hack important? The SolarWinds supply chain attack is a global hack, as threat actors turned the Orion software into a weapon gaining access to several government systems and thousands of private systems around the world. Due to the nature of the software -- and by extension the Sunburst malware -- having access to entire networks, many government and enterprise networks and systems face the risk of significant breaches. The hack could also be the catalyst for rapid, broad change in the cybersecurity industry. 
Many companies and government agencies are now in the process of devising new methods to react to these types of attacks before they happen. Governments and organizations are learning that it is not enough to build a firewall and hope it protects them. They have to actively seek out vulnerabilities in their systems, and either shore them up or turn them into traps against these types of attacks. Since the hack was discovered, SolarWinds has recommended customers update their existing Orion platform. The company has released patches for the malware and other potential vulnerabilities discovered since the initial Orion attack. SolarWinds also recommended customers not able to update Orion isolate SolarWinds servers and/or change passwords for accounts that have access to those servers. The greater White House cybersecurity focus will be crucial, some industry experts have said. But organizations should consider adopting modern software-as-a-service tools for monitoring and collaboration. While the cybersecurity industry has significantly advanced in the last decade, these kinds of attacks show that there is still a long way to go to get really secure systems. The Nobelium group continues to attack targets The suspected threat actor group behind the SolarWinds attack has remained active in 2021 and hasn't stopped at just targeting SolarWinds. On May 27, 2021, Microsoft reported that Nobelium, the group allegedly behind the SolarWinds attack, infiltrated software from email marketing service Constant Contact. According to Microsoft, Nobelium targeted approximately 3,000 email accounts at more than 150 different organizations. The initial attack vector appears to be an account used by USAID. From that initial foothold, Nobelium was able to send out phishing emails in an attempt to get victims to click on a link that would deploy a backdoor Trojan designed to steal user information.
This repository contains the experimental setup used for the paper: Bidding in Local Electricity Markets with Cascading Wholesale Market Integration submitted to IJEPES journal Elsevier 2020
AyushmanTyagi
Decentralized Finance & Its use cases - DeFi (Decentralized Finance) Another open-world approach to the current financial system. Products that allow you to borrow, save, invest, trade, and more. Based on open source technology anyone can plan with. DeFi is an open and global financial system that has been built for years - another way of being a sharp, tightly managed, and cohesive system of decades-old infrastructure and processes. It gives you more control and visibility than your money. It gives you exposure to global markets and other options for your local currency or banking options. DeFi products open financial services to anyone with an internet connection and are highly managed and maintained by their users. To date, tens of billions of dollars worth of crypto have gone through DeFi applications and is growing every day. What is DeFi? DeFi is an integrated name for financial products and services accessible to anyone who can use Ethereum - anyone with an Internet connection. With DeFi, markets remain open and no central authorities can block payments or deny you access to anything. Services that used to be slow and vulnerable to human error are now automated and secure as they are governed by a code that anyone can check and evaluate. There is a thriving crypto-economy out there, where you can borrow, borrow, length / short, earn interest, and more. Crypto-savvy Argentinians have used DeFi to escape inflation. Companies have begun distributing their pay to their employees in real-time. Some people even withdraw and repay loans worth millions of dollars without the need for personal information. DeFi vs Traditional Finance One of the best ways to see the power of DeFi is to understand the problems that exist today. Some people are not given access to setting up a bank account or using financial services. Lack of access to financial services can prevent people from being employed. Financial services can prevent you from paying. 
Hidden payment for financial services is your data. Governments and private institutions can close markets at will. Trading hours are usually limited to one-hour business hours. Transfers may take days due to personal processes. There is a premium for financial services because mediation institutions require their cutting. DeFi Use Cases DeFi has revolutionized the financial world over the past few years. This new approach to financial planning can transcend asset systems through efficiency and security. It is true that there are certain dangers in DeFi but those are within the concrete limits. Let's take a look at the most effective DeFi usage cases - Asset Management One of DeFi's biggest effects is that users can now enjoy more control over their assets. Many DeFi projects provide solutions that allow users to manage their assets, including - buying, selling, and transferring digital assets. Therefore, users can also earn interest on their digital assets. Contrary to the traditional financial system, DeFi allows users to maintain the privacy of their sensitive information. Think of the secret keys or passwords of your financial accounts - you should have shared that information with the appropriate organizations beforehand. Now, different DeFi projects, such as Metamask, Argent, or Gnosis Safe help users encrypt and store those pieces of information on their devices. This ensures that only users have access to their accounts and can manage their assets. Therefore, asset management is one of the most widely used financial services cases for users. Compliance with AML and CFT Rates through the KYT Mechanism Traditional financial systems focus heavily on Know-Your-Customer (KYC) agreements. KYC Guidelines are its major law enforcement tool for using Anti-Money Laundering (AML) and Countering-the-Financing-of-Terrorism (CFT) standards. However, KYC guidelines often conflict with DeFi's privacy efforts. 
DeFi responds to this problem with a new concept called the Know-Your-Transaction (KYT) mechanism. This approach suggests that low-level infrastructure will focus on ethical behavior for digital addresses rather than user considerations. Therefore, KYT solves two issues simultaneously - monitoring real-time operations and ensuring user privacy. This makes KYT one of the biggest gaps in low-cost cases. Non-Governmental Organizations or DAOs The DAOs are partners of the central financial institutions of DeFi - making it one of the pillars of low-income finance cases. In the traditional system, central financial institutions play a major role. These organizations operate as administrative institutions that regulate basic financial operations, such as monetization, asset management, administrative utilization, etc. The Ethereum blockchain ecosystem has introduced empowered organizations to achieve the same goals. However, DAOs are naturally empowered and do not conform to the limits set by central governments or authorities. Analysis and Risk Tools Transparency and redistribution of world power have opened the way for the discovery and analysis of unprecedented user data. With access to this information, users can make informed business decisions, discover new financial opportunities, and implement better risk management strategies. A new type of data analytics with useful blockchain tools and dashboards has emerged in this industry trend. DeFi projects such as DeFi Pulse or CoDeFi Data bring an impressive amount of analytics and risk management tools. Now, businesses are moving faster as they enjoy unpredictable competitive advantages. This is certainly one of the most widely used financial cases. Receivables and Manufacturing Goods Smart contracts allow for the receipt of token receipts and have become one of the most distinctive scenarios for DeFi use. Making a token further means setting a contract value based on the underlying financial asset or set of assets. 
This underlying financial asset acts as a security measure, which means it can include - bonds, fiat currencies, commodities, market indicators, interest rates, or stock prices. Now, the issuance of outgoing tokens is a secondary security and their value varies with the number of key securities (bonds or fiat money). Thus, the output actually creates artificial goods. Synthetix and dYdX are some of the leading DeFi projects focused on token acquisitions. Network Infrastructure Effect In a DeFi ecosystem, objects within the system can connect and interact. This design feature is known as integration and serves as a protocol for infrastructure development. As a result, DeFi projects are continuously integrated with the network result. Infrastructure tools for use of DeFi applications are remarkable. Various DeFi projects, such as TruffleSuite or InfuraAPI, are good examples in this case. Enhanced Digital ID Blockchain-based identity systems are already gaining a lot of attention in recent times. Pairing DeFi programs with these patent systems can help people access the global economic system. The traditional method rewards personal income or assets collected as credit providers. With digital identity paired with DeFi, you may be looking for other practical attributes, such as - financial services or professional ability. This new type of digital ID can help the poor to access DeFi apps from any internet connection. It can certainly be one of the cases of possible use. Insurance Insurance is one of the largest financial institutions and has already been proven to be one of the biggest charges for using DeFi. The current insurance system is crowded with paperwork, old audit plans, and bureaucratic insurance claim processes. With the successful implementation of smart contracts, all these problems with the current system can be solved. Many DeFi projects (Nexus Mutual, Opyn, and VouchForMe) provide blockchain access to insurance against DeFi or contract risk. 
P2P borrowing and borrowing As DeFi bids farewell to traditional banking systems, a space for the lending and lending market has emerged. Therefore, borrowing and lending is one of the most important aspects of using DeFi. However, the DeFi ecosystem is well suited for peer-to-peer (P2P) borrowing and lending efforts. Many DeFi projects have already entered the market focusing on this particular application case. Among these programs, Compound and PoolTogether are two well-known names. These projects have independent policies for lending and lending. Payment Solutions One of DeFi's top drivers was serving non-bankers or understated banks from the get-go. DeFi's natural features make it ideal for solving the problems of current global payment systems. DeFi provides fast, secure, and transparent solutions compared to asset systems. As DeFi lowers the demand for intermediaries, making payments easier and more transparent, DeFi-based blockchain-based payment solutions can appeal to non-bankers.
Snugles
Native mobile eCommerce app designed for auctioning items. React Native, MySQL and GraphQL.
COS301-SE-2022
ReverseHand is a mobile application built with the vision of connecting local contractors and customers with a focus on reducing the power imbalances customers may face when seeking trade services. To achieve this, the mobile application enables customers to advertise their need for services through job postings where contractors can submit bids for selection and employment. ReverseHand strives to make life easier for its users by integrating the entire process of finding a contractor into one application. All communication is done through an integrated chat-application and all payments are processed securely through the app.
shyam0x1e
Auctions are among the oldest economic institutions in place and they are still in use. In this dissertation, we explore the efficiency of common auctions when values are interdependent. The value to a particular bidder may depend on information available only to others and asymmetric. In this setting, it is well known that sealed-bid auctions do not achieve efficient allocations in general since they do not allow the information held by different bidders to be shared. With the point and click of the mouse, one may bid on an item they may need or just want, and in moments they find that either they are the top bidder or someone else wants it more, and you’re outbid! , while meeting the needs of its users. Online Auction System project is used to bid from the comfort of one's own preferred place has seen a change like never seen before. Online Auction System provides the complete information related to products for sale and the buyers can bid for the products and can own them all this has to be provided. Sellers want a place where seller can sell their products at a higher price and get maximum benefit out of that. The people always want different things to purchase but in the local market they can have local products only but in this application buyer can buy any product from any part of the world at a very best competitive price and own the product. Tools Used: Web Development using JSP, MySQL, Netbeans IDE, SQLyog Start Date: November 2019 End Date: April 2020
privacysandbox
Local developer console for Bidding and Auction Services
harishkotra
AgentBazaar is a local multi-agent simulation where AI agents autonomously trade skills. It simulates a gig economy where agents post tasks, bid for work, negotiate contracts, execute deliverables, and validate results—all without human intervention.
joicejoseph3198
Hobby project built entirely for my own satisfaction with Java, Spring Boot & React as front end. Stemmed from my brief interest in mechanical keyboards, it's a store where you can auction and bid for exclusive keebs. Built multiple microservices, created a local Kubernetes cluster using kind. Integrated it with front-end built using React.
TheBrotherFromASouthernMother
Bidder is a full-stack web application that allows users to bid on local art pieces in Houston, TX.
No description available
gramai
This is a short repository that continuously saves to local files the Bid and Ask Books of chosen tokens on Bittrex that have both BTC and ETH markets.
franqsbepop
How to calibrate a local stochastic volatility model using neural networks. Improvements include; incorporation of real data, refined control variate, and extension to directional (bid-ask) setting (using conic finance framework).
Soumodip-das-01
It's a local multiplayer game with an auction system, CRUD operation for teams and players, the highest bidder will win the player, and the team with the highest rating will win. Used MERN [Next.js for frontend and Express.js for backend]
abdulbasit57
Google paid search Marketing A Beginner's Guide Google paid search Marketing When you search for something on Google, the first thing you see in search engine results pages (SERPs) will not always be a list of organic websites. It won't always be a SERP (featured snippet or "people also ask" list) either. In fact, there is only one thing that can trump both: advertising(online advertising). online advertising What you see here is the outcome of paid search(online advertising)advertising(online advertising) inquiry showcasing. It very well may be an important strategy in your promoting procedure. But paid search marketing(online advertising) is not as simple as giving Google money to publish your ad(paid search advertising). There are a lot of them, and on schedule, you'll comprehend why paid inquiry is completely helpless before the nature of your site's substance. But first: What is paid search marketing? Paid search marketing (google digital marketing) is any pay-per-click search engine marketing(web marketing) service offered by Google, Bing, and other search engines that allows companies to advertise directly on search results pages. Advertisers bid on the amount they are willing to pay each time a searcher clicks on their ad. This fee is called cost-per-click (CPC)(pay-per-click audit). What is the difference between search engine marketing, search engine marketing (PPC), and paid search, online advertising? Different names for paid request fuse web search device advancing (SEM), search publicizing, paid pursuit promoting, or basically search displaying. You may likewise have heard that paid search, online advertising are utilized reciprocally with pay-per-click (PPC) promoting. For instance, you might discover PPC ads on another advertising(online advertising) channel, such as Facebook or LinkedIn. Just remember that search engine marketing(web marketing) campaigns focus entirely on driving traffic from search engine results pages to your website. 
What is the qualification between Digital marketing and organic search? Digital marketing experts might utilize a two-dimensional methodology when drawing in rush hour gridlock from web search tools. The primary strategy, portrayed in the past area, utilizes paid advertisement organizations to convey relevant messages within search engine results. The second method uses search engine optimization (SEO) to drive organic traffic - which consists of people who naturally search for and click on links to your website. In this case, you do not pay anything to Google, your content is self-contained. Why use paid search marketing, online advertising? Search ads can help build brand awareness - they are, after all, the first thing a user sees in SERPs. Even though search advertisements have a lower active clicking factor than the initial three natural outcomes, they convert guests at over two times the rate of natural outcomes. Search ads have a higher CTR (3%-5%) than ad networks such as image and paid social networks (about 1%). Paid search ads (online advertising) can be an abbreviation of your product or service pages. They are immune to ad blockers. Short, paid search for a long story gives you a good impact on your profit, providing a higher CTR than any other type of pay-per-click advertising (online advertising) and a stronger average conversion rate than organic search. Paid search marketing examples: The three most normal kinds of paid pursuit promotions that will show up in SERPs are: 1. Paid search listings These text promotions are shown as connections to site pages at the highest point of the SERPs, and are accompanied by an "ad" disclaimer, title tag, and meta description: Paid search marketing 2. Shopping lists These will generally show up as a sidebar in the SERPs and will show product advertisements that lead straightforwardly to an internet-based retail location. Paid search marketing 3. 
Local Service Ads google paid advertising Local Service Ads are sponsored listings of services in your area; To display these ads, Google paid advertising (online advertising) must know your location. Unlike shopping and text ads, local service ads operate on a cost-per-lead basis, with the lead calculated as phone calls, reservations, or messages made directly through the ad. How Paid Search Marketing Works Paid Search Marketing Works A glimpse of key terms: Monthly search volume: The number of keyword searches per month. Impression: When your ad is displayed on the page. Click: When a client taps on your promotion. Click-through rate (CTR): The percentage of times an impression leads to a click. Conversion: When a user completes the requested action once they reach your ad page. Conversion rate: The percentage of users who visit your page and complete the requested action. Average CPC: The average cost per click. All paid searches begin with the Google Ads program (google paid advertising), formerly known as Google AdWords. (Bing is an option too, but we'll focus on Google ads for the purpose of this guide.)
oyvindlr
Matlab function for calculating the BLD
serendatapy
No description available
rashedulraha
A Local Online Marketplace for Buying & Selling with Bids
rashedulraha
A Local Online Marketplace for Buying & Selling with Bids ||| Server
ryanatwork
This is a project for local governments to manage their Bids, Quotes, and Proposals
NicolaeTiberius
A virtual application that runs on a local server and lets users bid and sell for items concurrently.
shuja
Connecting a network of independent delivery drivers to bid for local delivery jobs and get paid directly for their services.
DrM-Dev
A fun project for making a local bid on the same device - part of my journey of 100Days of Code - Python, Udemy course by Angela Yu
A Service Bidding Platform - A functional prototype and a proof of concept that allows local/small companies to bid for jobs which are created by individuals looking for workforce.
benisontr
A local server-based online auction platform built using PHP Full Stack technologies. Users can list, bid, and manage products in a secure and user-friendly auction system running on XAMPP.
VincentOracle
This assignment report presents a conceptual data model designed for a local charity organization to address challenges in managing their auction and fundraising activities. The model aims to improve operational efficiency, enhance accountability, and maximize fundraising revenue by streamlining donor and bidder information management.
tharuntej-333
A full-stack platform connecting users with local contractors for home improvement. Users post tenders, contractors bid, supervisors monitor, and an ML model previews proposed changes on house images.
i-sourabh
LocalBid
sam-leishman
No description available
nullAxiom
Transparent contractor marketplace where bids are public