Monthly Archives: August 2023

Strategic Framework for Ransomware Resilience

In 2022 only 16% of organizations who suffered a ransomware attack were able to recover without paying a ransom. Since it’s not possible to prevent every cyberattack, organizations need to make recovery a priority. This paper outlines the critical capabilities needed to prepare for and recover from a ransomware attack, reducing downtime and minimizing the possibility of data loss.
http://news.poseidon-us.com/StR7Bc

Downfall attacks can gather passwords, encryption keys from Intel processors

A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private data from other users on the same personal or cloud computer. CVE-2022-40982 and the Downfall attacks “[CVE-2022-40982] is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This … More → The post Downfall attacks can gather passwords, encryption keys from Intel processors appeared first on Help Net Security.
http://news.poseidon-us.com/StPjcj

SandboxAQ launches open-source meta-library of cryptographic algorithms

SandboxAQ launched Sandwich, an open-source framework that simplifies modern cryptography management and enables developers to steer their organizations towards cryptographic agility. With a unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and change them as technologies and threats evolve – without rewriting code. It also gives developers greater observability and control over their cryptography for improved cybersecurity. Sandwich is open source for embedding cryptography into internal … More → The post SandboxAQ launches open-source meta-library of cryptographic algorithms appeared first on Help Net Security.
http://news.poseidon-us.com/StNxMv

House bill aims to reduce effects of pay compression for senior-level feds

Although the new bill from Del. Eleanor Holmes Norton (D-DC) would not entirely solve pay compression, the Senior Executives Association said “any action is better than no action.”
http://news.poseidon-us.com/StNWDr

Zoom emphasizes customer consent as critics question AI service terms

Concerns stem from what Zoom says it will do with customer and service-generated data and what its policy language allows. 
http://news.poseidon-us.com/StNVR7

Adecco Group taps PepsiCo exec to lead IT operations

The second-largest global HR services provider welcomed Caroline Basyn to its executive committee as it pushes AI-enabled digital products across its portfolio.
http://news.poseidon-us.com/StNVPW

JLL rolls out proprietary generative AI model to internal employees

In the first 48 hours following deployment at the commercial real estate and investment management company, more than 11,000 employees used the large language model.
http://news.poseidon-us.com/StLztV

ISC Stormcast For Tuesday, August 8th, 2023 https://isc.sans.edu/podcastdetail/8606, (Tue, Aug 8th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/StLHXS

Microsoft Declares Power Platform Flaw, Found by Tenable, To Be Fixed

Microsoft on Friday announced that it had fixed security issues with “Power Platform Custom Connectors using Custom Code” that had been identified by security solutions firm Tenable back in March 2023.
http://news.poseidon-us.com/StKrVs

Update: Researchers scanning the Internet, (Mon, Aug 7th)

We have been tracking researchers scanning the Internet for open ports or vulnerabilities for a few years. These groups often show up in our “top 10” lists. We do not make any general recommendations to block these IPs but we want to give you the information you need to make this decision for your network.
http://news.poseidon-us.com/StKrQc