433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (813) 563-2652

ISC Stormcast For Wednesday, August 14th, 2024 https://isc.sans.edu/podcastdetail/9096, (Wed, Aug 14th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TBtZv6

Microsoft August 2024 Patch Tuesday, (Tue, Aug 13th)

This month we got patches for 186 vulnerabilities. Of these, 9 are critical, and 9 are zero-days (3 previously disclosed, and 6 are already being exploited). The CVEs CVE-2024-38189, CVE-2024-38178, CVE-2024-38193, CVE-2024-38106, CVE-2024-38213, and CVE-2024-38107 are related to the already exploited vulnerabilities and the CVEs CVE-2024-38202, CVE-2024-21302, and CVE-2024-38200 are related to previously disclosed ones. Amongst exploited vulnerabilities, the highest CVSS (CVSS 8.8) is related to the Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189) rated as Important. According to the advisory, Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution. Amongst critical vulnerabilities, one of the two 9.8 CVSS this month is associated to the Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2024-38140). According to the exploit, this vulnerability is exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. The other CVSS 9.8 is associated with the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063). Systems are not affected if IPv6 is disabled on the target machine. The advisory says that an unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
http://news.poseidon-us.com/TBtDjX

What Is Lead Time? How to Calculate Lead Time in Manufacturing

Projects are all about delivering a product or service. Whether you’re working in project management, manufacturing, supply chains or inventory management, you need to deliver something valuable to your customers. This is why lead time is so important. There are… Read More The post What Is Lead Time? How to Calculate Lead Time in Manufacturing appeared first on ProjectManager.
http://news.poseidon-us.com/TBsq5Y

How costs, ROI shape generative AI adoption plans

Elusive returns clouded the technology’s initial hype. Executives and analysts are now putting the focus back on costs and use case fit.
http://news.poseidon-us.com/TBs0J8

From doom-scrolling to mindfulness

Researchers have created Mindful Scroll, a mobile app that helps users transition from doom-scrolling to adding mindfulness into their daily routines.
http://news.poseidon-us.com/TBr9xQ

Redefining the computer whiz: Research shows diverse skills valued by youth

Researchers have uncovered a more nuanced view of what makes an ‘ideal’ computer science student, challenging long-held stereotypes of geeky, clever, detail-oriented men, who lack social skills.
http://news.poseidon-us.com/TBqt3k

Health and Human Services rearranges its technology furniture

Health and Human Services reorganized to “streamline and bolster technology, cybersecurity, data, and artificial and policy functions.” The post Health and Human Services rearranges its technology furniture first appeared on Federal News Network.
http://news.poseidon-us.com/TBqSjg

IT leaders blame new features — like AI — for rising software costs

Companies are combating cost creep by leveraging their purchasing power and turning to open-source alternatives, Forrester says. 
http://news.poseidon-us.com/TBpgj4

Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)

Trying something a bit different. A video demo to illustrate some concepts around “Origin” in web applications. Let me know if this is something you would like to see more of.
http://news.poseidon-us.com/TBnv3f