433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (727) 493-2351

Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform privilege escalation attacks to read or modify arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid Administrator-level privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address one of these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw
Security Impact Rating: Medium
CVE: CVE-2023-20193, CVE-2023-20194
http://news.poseidon-us.com/SvjnrW

Taking advantage of data and compute at the edge

Explore the benefits, data security implications and strategies for managing complex edge systems. Our new ebook highlights how NOAA and VA aim to better serve users everywhere and shares real-world best practices from Red Hat experts.
http://news.poseidon-us.com/Svj8xp

Intuit launches AI-fueled financial assistant for consumers, small businesses

The tool assists Intuit tax advisors by providing personalized recommendations, and helps customers contextualize finances through a conversational interface.
http://news.poseidon-us.com/Svj8Lw

Pioneering beyond-silicon technology via residue-free field effect transistors

Beyond-silicon technology demands ultra-high-performance field-effect transistors (FETs). Transition metal dichalcogenides (TMDs) provide an ideal material platform, but the device performances such as contact resistance, on/off ratio, and mobility are often limited by the presence of interfacial residues caused by transfer procedures. We show an ideal residue-free transfer approach using polypropylene carbonate (PPC) with a negligible residue for monolayer MoS2. By incorporating bismuth semimetal contact with atomically clean monolayer MoS2-FET on h-BN substrate, we obtain an ultralow Ohmic contact resistance approaching the quantum limit and a record-high on/off ratio of ~10^11 at 15 K. Such an ultraclean fabrication approach could be the ideal platform for high-performance electrical devices using large-area semiconducting TMDs.
http://news.poseidon-us.com/SvgzMj

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.
http://news.poseidon-us.com/Svgwr6

Spotlight: The Challenge to Detect Stealthy Attacks Against AI Data

What if someone were to manipulate the data used to train AI? NIST is collaborating on a competition to get ahead of potential threats like this.
http://news.poseidon-us.com/Svfzjb

COVID-compliance requirements in job postings are so 10 minutes ago, OPM says

In today’s Federal Newscast: National Guardsmen from five states are helping fight wildfires in Louisiana. GSA is using the Inflation Reduction Act to make more than 100 federal buildings all-electric. And OPM says it’s time to drop COVID-compliance stipulations in federal job postings.
http://news.poseidon-us.com/SvfQ7G

Don’t rush ethics in generative AI adoption plans

Even when leaders feel the pressure to adopt generative AI quickly, ethical frameworks and use case policies should guide their plans.
http://news.poseidon-us.com/SvfHmK

Common usernames submitted to honeypots, (Tue, Sep 5th)

Based on reader feedback, I decided to take a look at usernames submitted to honeypots. The usernames that are seen on a daily basis look very familiar. They tend to come from default user accounts, such as “administrator” on Windows systems or “root” on Linux systems. The knowledge of a default user account can help in brute force attacks. If the username is already known, only the password needs to be guessed. This shouldn't be too much of a problem to users as long as strong passwords are chosen or other authentication methods such as public key authentication are used. Setting up public key authentication is also referenced in our DShield setup instructions for a Raspberry Pi [2].
http://news.poseidon-us.com/SvdHYJ

Reforming federal hiring: Does the Chance to Compete Act promise more than the government can deliver?

The massively bipartisan Chance to Compete Act aims to modernize federal hiring — but experts say limitations in HR offices could stunt its potential, while others think the bill doesn’t take hiring reform far enough.
http://news.poseidon-us.com/Svd8Ww