Amazing News...

Internal Combustion Engine 617 by algui91 | 192 comments on Hacker News.

“About one-third of Basecamp employees accepted buyouts today” 522 by minimaxir | 461 comments on Hacker News.

It's your device, you should be able to repair it 482 by lsllc | 326 comments on Hacker News.

EU says Apple’s App Store breaks competition rules after Spotify complaint 536 by headmelted | 571 comments on Hacker News.

History of Techno 480 by unquote | 308 comments on Hacker News.

Google is saving $1B per year as a result of employees working from home 503 by pseudolus | 326 comments on Hacker News.

Who won the Amstel Gold Race? Human error in photo-finishes 493 by tomglynch | 187 comments on Hacker News.

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that from The Hacker News https://ift.tt/3e6cF1O via IFTTT

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and from The Hacker News https://ift.tt/3xzLEeI via IFTTT

Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island. It’s even more challenging for from The Hacker News https://ift.tt/3vwS9xe via IFTTT

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an from The Hacker News https://ift.tt/3uiUo6M via IFTTT

Flu has disappeared worldwide during the Covid pandemic 564 by Brajeshwar | 630 comments on Hacker News.

Yayagram 607 by paulhart | 104 comments on Hacker News.

The number of cities with municipal broadband has jumped over 4x in two years 559 by sharkweek | 310 comments on Hacker News.

Kaspersky believes it found new CIA malware 551 by arkadiyt | 284 comments on Hacker News.

GitHub blocks FLoC across all of GitHub Pages 540 by pimterry | 209 comments on Hacker News.

Swimlanes.io – generated editable sequence diagrams 597 by smusamashah | 112 comments on Hacker News.

The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix was from The Hacker News https://ift.tt/3e0UN8k via IFTTT

An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical from The Hacker News https://ift.tt/3vr4hQc via IFTTT

Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability from The Hacker News https://ift.tt/3eLzuXM via IFTTT

Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing from The Hacker News https://ift.tt/3nxkJeV via IFTTT

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate from The Hacker News https://ift.tt/2RbBvnD via IFTTT

Michael Collins, Apollo 11 astronaut, has died 617 by edwinbalani | 95 comments on Hacker News.

The health benefits of better air 648 by spekcular | 431 comments on Hacker News.

Dominance of Apple and Google’s app stores impacting competition and consumers 594 by skeletonjelly | 420 comments on Hacker News.

My experience with sexual harassment in the Scala community 597 by ingve | 656 comments on Hacker News.

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. <!--adsense--> "The biggest risk for the targeted from The Hacker News https://ift.tt/3u29opB via IFTTT

Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads," from The Hacker News https://ift.tt/3sYXMlW via IFTTT

Never run Google ads if you have an Android app 659 by dfabulich | 214 comments on Hacker News.

Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been from The Hacker News https://ift.tt/3vphVTN via IFTTT

Google have declared Droidscript is malware 621 by croes | 366 comments on Hacker News.

My Current HTML Boilerplate 612 by adrian_mrd | 175 comments on Hacker News.

Experian’s credit freeze security is still a joke 562 by parsecs | 301 comments on Hacker News.

The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police's networks and stolen 250 GB of unencrypted files. Screenshots shared by the group, and seen by The Hacker News, include various folders from The Hacker News https://ift.tt/3aLjrHY via IFTTT

The release of MITRE Engenuity's Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization's tests measure how well security vendors can detect and respond to threats and offers an independent metric for customers and security leaders to understand how well vendors perform on a variety of tasks. However, for the uninitiated, the results can be from The Hacker News https://ift.tt/3dUYvAn via IFTTT

Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw, identified as CVE-2021-30657, was discovered and reported to Apple by security engineer Cedric Owens from The Hacker News https://ift.tt/2Qt5NTc via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures (TTPs) adopted by the Russian Foreign Intelligence Service (SVR) in its attacks targeting the U.S and foreign entities. By from The Hacker News https://ift.tt/3sYow62 via IFTTT

Pfizer is testing a pill that, if successful, could cure Covid-19 470 by mvzvm | 288 comments on Hacker News.

CSS Tips 405 by qubitcoder | 124 comments on Hacker News.

Changes at Basecamp 432 by massel | 307 comments on Hacker News.

Roku says it may lose YouTube TV app after Google made anti-competitive demands 390 by 1cvmask | 282 comments on Hacker News.

Farming robot kills 100k weeds per hour with lasers 584 by HiroProtagonist | 408 comments on Hacker News.

We were promised Strong AI, but instead we got metadata analysis 491 by todsacerdoti | 310 comments on Hacker News.

Has UML died without anyone noticing? 634 by azhenley | 545 comments on Hacker News.

Apple sued for terminating account with $25k worth of apps and videos 665 by imgabe | 383 comments on Hacker News.

Parsing Protobuf at 2+GB/S: How I Learned to Love Tail Calls in C 563 by signa11 | 181 comments on Hacker News.

Millions of the Pentagon’s dormant IP addresses sprang to life on January 20 569 by jimschley | 237 comments on Hacker News.

Earth Restored – 50 restored images of earth released 402 by cyberhost | 130 comments on Hacker News.

Remote code execution in Homebrew by compromising the official Cask repository 383 by spenvo | 89 comments on Hacker News.

Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a from The Hacker News https://ift.tt/3sSXk8W via IFTTT

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," said a team of academics from the Technical University of Darmstadt, from The Hacker News https://ift.tt/3vl43de via IFTTT

No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, from The Hacker News https://ift.tt/2RVLiyE via IFTTT

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware from The Hacker News https://ift.tt/3nkgwuU via IFTTT

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the from The Hacker News https://ift.tt/3ewRK6X via IFTTT

Feynman: I am burned out and I'll never accomplish anything (1985) 757 by ent101 | 223 comments on Hacker News.

Dan Kaminsky has died 712 by rincebrain | 108 comments on Hacker News.

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a from The Hacker News https://ift.tt/3vjzk0q via IFTTT

The most effective malaria vaccine yet discovered 657 by hprotagonist | 239 comments on Hacker News.

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to have occurred from The Hacker News https://ift.tt/3aCN5z7 via IFTTT

Apple Is Sued for Telling You That You're “Buying” Movies 653 by paulcarroty | 404 comments on Hacker News.

A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the from The Hacker News https://ift.tt/3eoBO6N via IFTTT

Why Lichess will always be free 618 by hydroxideOH- | 241 comments on Hacker News.

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm from The Hacker News https://ift.tt/3v9G7tp via IFTTT

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network ( from The Hacker News https://ift.tt/3vd2NJ7 via IFTTT

Stranded sailor allowed to leave abandoned ship after four years 604 by alphachloride | 279 comments on Hacker News.

EFF sues Proctorio on behalf of student falsely DMCA'd 531 by oxylibrium | 433 comments on Hacker News.

UMN CS&E Statement on Linux Kernel Research 632 by fhars | 310 comments on Hacker News.

Initial preview of GUI app support for the Windows Subsystem for Linux 633 by velmu | 331 comments on Hacker News.

YouTube CEO Susan Wojcicki Gets 'Freedom Expression' Award Sponsored by YouTube 589 by arprocter | 255 comments on Hacker News.

Discord ends deal talks with Microsoft 569 by coloneltcb | 498 comments on Hacker News.

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, from The Hacker News https://ift.tt/2Qo5YyX via IFTTT

There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking and resetting passwords for end-users. This issue has been exacerbated by the COVID-19 pandemic. Causes of account lockouts and password resets End-user password policies, such as from The Hacker News https://ift.tt/3tJwC3A via IFTTT

Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. "Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app," said researchers from cybersecurity from The Hacker News https://ift.tt/2QKVBFp via IFTTT

Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor known as from The Hacker News https://ift.tt/3dHGeXk via IFTTT

Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer 605 by derekerdmann | 131 comments on Hacker News.

Linux bans University of Minnesota for sending buggy patches in name of research 683 by prsutherland | 262 comments on Hacker News.

Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks from The Hacker News https://ift.tt/3v6E899 via IFTTT

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective.  This means that you won't be able to do the right mitigations to improve your security posture. Here are examples from The Hacker News https://ift.tt/3sEhrHy via IFTTT

“They introduce kernel bugs on purpose” 600 by kdbg | 365 comments on Hacker News.

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224, the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5 According from The Hacker News https://ift.tt/32uNb7E via IFTTT

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on from The Hacker News https://ift.tt/2QaUqz7 via IFTTT

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations from The Hacker News https://ift.tt/3tDzK18 via IFTTT

Apple Introduces AirTag 564 by davidbarker | 521 comments on Hacker News.

Grafana, Loki, and Tempo will be relicensed to AGPLv3 522 by WalterSobchak | 361 comments on Hacker News.

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported from The Hacker News https://ift.tt/3n7sw34 via IFTTT

IBM employee forced to stop kernel work under personal email address 508 by ibmthrwy | 340 comments on Hacker News.

The Endless Acid Banger: algorithmic self-composing acid techno music 516 by clomond | 124 comments on Hacker News.

For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing from The Hacker News https://ift.tt/32rrwNE via IFTTT

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing from The Hacker News https://ift.tt/2RSS0Wp via IFTTT

The “Granny Knot” 486 by Tomte | 194 comments on Hacker News.

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes from The Hacker News https://ift.tt/32HSTmR via IFTTT

Hire me and pay what you want, just give me interesting work 442 by ftruzzi | 367 comments on Hacker News.

Nassim Taleb: Bitcoin failed as a currency and became a speculative ponzi scheme 441 by thefoodboylover | 411 comments on Hacker News.

Microsoft says mandatory password changing is “ancient and obsolete” (2019) 470 by Tomte | 234 comments on Hacker News.

First Flight of the Ingenuity Mars Helicopter [video] 453 by hheikinh | 91 comments on Hacker News.

Unsettling capital letters 496 by c0nsumer | 124 comments on Hacker News.

Dissecting the Apple M1 GPU, Part III 482 by marcodiego | 109 comments on Hacker News.

The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind from The Hacker News https://ift.tt/3dxtGBM via IFTTT

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload from The Hacker News https://ift.tt/3gluYkY via IFTTT

Proposal: Treat FLoC as a security concern 496 by meattle | 223 comments on Hacker News.

Livebook: A collaborative and interactive code notebook for Elixir 484 by bcardarella | 50 comments on Hacker News.

Content-aware image resizing in JavaScript 466 by mmazzarolo | 61 comments on Hacker News.

QUIC and HTTP/3 Support Now in Firefox Nightly and Beta 490 by caution | 137 comments on Hacker News.

Ask HN: How can a unhireable person get a job? 520 by snakedoctor | 808 comments on Hacker News. I've been trying to get a job for over a year now. I've interviewed at Google, Facebook, Dell, NSA, CIA, DoE (E=Energy), Airbnb, Palantir. Too many to list. I've applied to companies from the whoishiring thread every monthly. workatastartup etc. Always ending with ghosting, or a impasive rejection letter. I tried improving my interview skills. Reading Meyers, Knuth etc. books. Reading advice on Reddit etc. But I still always get rejected. I worked at EA (QA on Apex Legends), and IBM (dev) at 18. Quit due to lowpay/no insurance. Got referrals etc. dropped out my freshmen year at a top 40 college. Was on the cyber security team etc. College was too expensive so I had to dropout. Got a low level customer support role at Amazon. But I only made $15 with no health insurance. Found some flaws within the anti-fraud system at Amazon, and wrote a detailed e-mail to the VP in charge of...

5G: The outsourced elephant in the room 552 by sam_lowry_ | 234 comments on Hacker News.

Thanks for the Bonus, I Quit 557 by todsacerdoti | 303 comments on Hacker News.

A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information, from The Hacker News https://ift.tt/3ajIrpI via IFTTT

People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories from The Hacker News https://ift.tt/3e8u3BD via IFTTT

Luca App: CCC calls for a moratorium 522 by hacka22 | 149 comments on Hacker News.

SpaceX wins contract to develop spacecraft to land astronauts on the moon 508 by sbuttgereit | 244 comments on Hacker News.

Google misled consumers about the collection and use of location data 501 by Khaine | 80 comments on Hacker News.

Opting Your Website Out of Google's FLoC Network 546 by oedmarap | 237 comments on Hacker News.

SQLite the only database you will ever need in most cases 528 by todsacerdoti | 360 comments on Hacker News.

An RFC that adds support for Rust to the Linux kernel 499 by steveklabnik | 250 comments on Hacker News.

Linus Torvalds on Rust support in kernel 549 by EvgeniyZh | 232 comments on Hacker News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that from The Hacker News https://ift.tt/3wVpOSN via IFTTT