Serbian performance artist tells Pyramid stage crowd to confront cyclical violence in thousands-strong ‘collaboration’

It’s been home to some of the UK’s loudest singalongs, most propulsive rap lyrics and most cacophonous guitar solos. But the Pyramid stage at Glastonbury experienced something almost unprecedented in its history on Friday: total silence.

The Serbian artist Marina Abramović, invited by festival organisers Michael and Emily Eavis, led the audience in what she called a “collaboration” called Seven Minutes of Collective Silence, to “see how we can feel positive energy in the entire universe” and act as a bulwark against the horrors of war and violence.

War in Gaza, a failed coup in Bolivia, protests in Nairobi and Taylor Swift at Wembley: the last seven days as captured by the world’s leading photojournalists

A former dairy business now hosts a thriving artistic community – and a spectacular converted barn

Suzanne Blank Redstone and her husband, Peter Redstone, have lived on the same Devon farm, nestled in a tree-fringed valley a mile from the sea, for 50 years. The couple’s current home was once their cowshed, a simple, functional structure that they built in 1979 to shelter their herd of Jerseys over winter.

Today, it’s an architectural statement, albeit a very livable one. It was shortlisted for the Royal Institute of British Architects’ house of the year in 2023 and bagged a prestigious Manser medal, too, while a photograph of the property was selected for this year’s Royal Academy of Arts’ Summer Exhibition, which runs in London until 18 August.

Serbian artist hopes Friday’s ‘public intervention’ will make festival goers reflect on the current state of the world

Glastonbury’s Pyramid Stage has played host to some of the loudest rock bands in the world and mass sing-alongs with thousands of participants, but on Friday the artist Marina Abramović will step out and ask the crowd to do something different: remain silent for seven minutes.

“I am terrified,” said Abramović, whose performance pieces have made her one of the most famous artists in the world. “I don’t know any visual artists who have done something like this in front of 175,000 to 200,000 people. The largest audience I ever had was 6,000 people in a stadium and I was thinking ‘wow’, but this is really beyond anything I’ve done.”

Enlarge / Apple has a lot to say about the third-party battery market in "Longevity, by Design," specifically about how many batteries fail to meet testing standards. (credit: Apple)

Earlier this week, Apple published a whitepaper titled "Longevity by Design." The purpose, Apple says, is to explain "the company's principles for designing for longevity—a careful balance between product durability and repairability." It also contains some notable changes to Apple's parts pairing and repair technology.

Here is a summary of the action items in the document's 24 pages:

• The self-service diagnostics tool that arrived in the US last year is now available in 32 European countries.
• True Tone, the color-balancing screen feature, can soon be activated on third-party screens, "to the best performance that can be provided."
• Battery statistics, like maximum capacity and cycle count, will be available "later in 2024" for third-party batteries, with a notice that "Apple cannot verify the information presented."
• Used Apple parts, transferred from one to another, will be "as easy to use as new Apple parts" in select products "later this year."
• Parts for "most repairs" from Apple's Self Service Repair program will no longer require a device serial number to order.

Changes timed to "later this year" may well indicate their arrival with iOS 18 or a subsequent update.

Read 12 remaining paragraphs | Comments

Watercolour drawing for first book’s cover becomes most expensive item from the series ever sold at auction

A watercolour drawing for Harry Potter and the Philosopher’s Stone has fetched a record amount at auction.

The artwork for the cover of the first book in the JK Rowling series fetched $1.9m (£1.5m) at a sale by Sotheby’s auction house in New York on Wednesday.

Invoking philosophy, womanhood and religion, the Delhi- and London-based artist turns material objects into something truly human

When Bharti Kher talks about her sculptures, she gives them pronouns. For two decades, the British-born artist, who lives between Delhi and London, has been making the most startling works to investigate the female body and all of them have become characters in their own right. As she puts it, “my sculptures are alive – they run around the gallery at night when we’re all asleep.”

“I am an animist,” Kher tells me. Central to her work is the ancient belief in universal consciousness and in the potential of all material. This openness to the beyond infuses the survey show – part retrospective, part new commission – she has opened at Yorkshire Sculpture Park (YSP) near Wakefield. Taken as a whole, the exhibition describes a most restless mind.

Throughout the 1970s, 80s and 90s, Mike Abrahams travelled the country photographing National Front marches, prison life and people’s everyday struggles

Implementing Single Sign-On (SSO) into Small and Medium-sized Businesses (SMBs)

Improving User Experience and Support

Enlarge (credit: bennymarty | iStock Editorial / Getty Images Plus)

Adobe has promised to update its terms of service to make it "abundantly clear" that the company will "never" train generative AI on creators' content after days of customer backlash, with some saying they would cancel Adobe subscriptions over its vague terms.

Users got upset last week when an Adobe pop-up informed them of updates to terms of use that seemed to give Adobe broad permissions to access user content, take ownership of that content, or train AI on that content. The pop-up forced users to agree to these terms to access Adobe apps, disrupting access to creatives' projects unless they immediately accepted them.

For any users unwilling to accept, canceling annual plans could trigger fees amounting to 50 percent of their remaining subscription cost. Adobe justifies collecting these fees because a "yearly subscription comes with a significant discount."

Read 25 remaining paragraphs | Comments

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Yes, you read that right. Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure Boot.

“This is the largest release from Microsoft this year and the largest since at least 2017,” said Dustin Childs, from Trend Micro’s Zero Day Initiative (ZDI). “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs. Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users.

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

Ben McCarthy, lead cyber security engineer at Immersive Labs called attention to CVE-2024-20670, an Outlook for Windows spoofing vulnerability described as being easy to exploit. It involves convincing a user to click on a malicious link in an email, which can then steal the user’s password hash and authenticate as the user in another Microsoft service.

Another interesting bug McCarthy pointed to is CVE-2024-29063, which involves hard-coded credentials in Azure’s search backend infrastructure that could be gleaned by taking advantage of Azure AI search.

“This along with many other AI attacks in recent news shows a potential new attack surface that we are just learning how to mitigate against,” McCarthy said. “Microsoft has updated their backend and notified any customers who have been affected by the credential leakage.”

CVE-2024-29988 is a weakness that allows attackers to bypass Windows SmartScreen, a technology Microsoft designed to provide additional protections for end users against phishing and malware attacks. Childs said one of ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“I would treat this as in the wild until Microsoft clarifies,” Childs said. “The bug itself acts much like CVE-2024-21412 – a [zero-day threat from February] that bypassed the Mark of the Web feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass Mark of the Web.”

Update, 7:46 p.m. ET: A previous version of this story said there were no zero-day vulnerabilities fixed this month. BleepingComputer reports that Microsoft has since confirmed that there are actually two zero-days. One is the flaw Childs just mentioned (CVE-2024-21412), and the other is CVE-2024-26234, described as a “proxy driver spoofing” weakness.

Satnam Narang at Tenable notes that this month’s release includes fixes for two dozen flaws in Windows Secure Boot, the majority of which are considered “Exploitation Less Likely” according to Microsoft.

“However, the last time Microsoft patched a flaw in Windows Secure Boot in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on dark web forums for $5,000,” Narang said. “BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up. While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future.”

For links to individual security advisories indexed by severity, check out ZDI’s blog and the Patch Tuesday post from the SANS Internet Storm Center. Please consider backing up your data or your drive before updating, and drop a note in the comments here if you experience any issues applying these fixes.

Adobe today released nine patches tackling at least two dozen vulnerabilities in a range of software products, including Adobe After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Adobe Animate.

KrebsOnSecurity needs to correct the record on a point mentioned at the end of March’s “Fat Patch Tuesday” post, which looked at new AI capabilities built into Adobe Acrobat that are turned on by default. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

“In practice, no document scanning or analysis occurs unless a user actively engages with the AI features by agreeing to the terms, opening a document, and selecting the AI Assistant or generative summary buttons for that specific document,” Adobe said earlier this month.