Cybersecurity
“Extreme urgency”: Flurry of cybersecurity tenders show CNI security focus
"Events unforeseeable for the contracting entity”
Cloud
What IS this new open source S3 file client from Amazon?
Amazon has open-sourced a new file client for S3 called Mountpoint for Amazon S3 that makes it “easy” for Linux-based applications to connect directly to Amazon S3 buckets and access objects using file APIs – not something that has always been easy or indeed possible for Linux-based large-scale analytics applications. Mountpoint
Cybersecurity
As CVE-2023-23397 exploits proliferate, worry mounts
Security experts are warning that a critical Microsoft Outlook exploit is trivial to deploy and “will likely be leveraged imminently by actors for espionage purposes or financial gain” – after Ukrainian cybersecurity authorities disclosed CVE-2023-23397, a critical vulnerability that requires no user interaction to exploit. As The Stack reported, the critical
Enterprise IT
Fastly wins Google "Oblivious HTTP Relay" contract ahead of third-party cookies death
Lightweight app-layer proxy protocol to power ads for billions of Chrome users
Enterprise IT
Bank of Africa UK dumps Finastra for Temenos, swaps core banking, ERP hosting to OCI
Bank goes cloudwards...
Cybersecurity
Fortinet exploits: Attackers tampered with firewall firmware
“System enters error-mode due to FIPS error: Firmware Integrity self-test failed” suggests compromises.
Enterprise IT
Silicon Valley Bank UK sold to HSBC for £1, as US regulators also step in
Failed Silicon Valley Bank (SVB) UK has been sold to HSBC for £1 in a major reprieve for the UK's tech startups who faced losing their deposits (over the insured threshold) after its parent company collapsed. "Customers of SVB UK will be able to access their deposits
Enterprise IT
UK’s GDPR lite “replacement” kills off DPOs (in name)
UK plans to relax some protections under Europe’s General Data Protection Regulation (GDPR) in its revised Data Protection and Digital Information Bill, after a round of external consultations. The proposed changes reduce requirements around the processing of personal data where it is used for “legitimate interests”, aim to clarify
Cybersecurity
Veeam urges “immediate” updates after vulnerability exposes backup hosts
This may generate a lot of Black Hat interest...
Cybersecurity
This critical Microsoft Word RCE exploit requires just a few lines of code: We need more CHERI
POC lands for CVSS 9.8 Word bug CVE-2023-21716
Cybersecurity
US agencies warn over "Royal" ransomware rise
Phishing is key threat vector and a Blue Team bête noire...
Cybersecurity
Novel cloud attack pivoted from K8s to Lambda, pulled IAM keys from Terraform
A recent attack tracked by researchers at cloud security company Sysdig saw the attackers use an exposed Kubernetes container to move laterally to the victim’s AWS account – gaining initial access by exploiting a public-facing service in a self-managed Kubernetes cluster hosted inside an AWS cloud account. The company'