Microsoft 20,000+ EOL Exchange Servers are still sitting there and sucking it up Attacks on Exchange Server Attacks in 2022 were so rife that threat groups were observed cleaning up .aspx and .bat files to remove other attackers
Citrix Boeing shares ransomware incident TTPs as Citrix Bleed attacks ramp up Hey criminals! Fire an HTTP GET request. Grab system memory including session cookies issued post-authentication. Don't worry about logs. Pillage and loot. Thanks, Citrix.
NHS Palantir lands £330 million NHS "Federated Data Platform" contract "Each NHS organisation will be the data controller for their ‘federated’ platform instance. The use of the data will always remain under the full control and protection of the NHS
OpenAI Sam Altman to return as OpenAI CEO as ludicrous soap opera continues From "not consistently candid" to just "not consistent"? Do you care any longer? Should you?
Members only vmware Broadcom to close VMware buyout this week. Nervous? Consider this... "There is a lot of anxiety about the Broadcom-VMware acquisition around pricing, support and other issues"
Ubuntu Canonical’s newly GA “MicroCloud” aims to take a small bite out of vSphere MicroCloud can scale from three servers to around 50-node clusters and it is lightweight enough, claims Canonical, to run on a developer laptop.
cybersecurity New report sheds light on “Scattered Spider”’s ability to take over identity providers The group "register their own MFA tokens [and] add a federated identity provider to the victim’s SSO tenant and activate automatic account linking..."
Microsoft Microsoft unveils “the last puzzle piece” – its own semiconductors Big claims by Satya Nadella, big news for the industry, but no benchmarks or hard specifications yet.
NVIDIA NVIDIA looks to bring monster AI capabilities to cloud, enterprise, with HGX H200 An eight-way HGX H200 provides over 32 petaflops of FP8 deep learning compute and 1.1TB of aggregate high-bandwidth memory
Kubernetes Public Kubernetes API server numbers pass one million, as attackers start to consider K8s a "central target" "Once an attacker is past the initial access, the opportunities are ample for lateral movement and privilege escalation within a cluster..."
DDoS ChatGPT says major outages may be due to DDoS attacks Incident follows record HTTP2 "Rapid Reset" attack warnings as well as CISA note on exploitation of Service Location Protocol vulnerability for DDoS purposes.
telco Nationwide Aussie telco outage cause "too technical" to explain: The answer may be in a (heavily redacted) Canadian report How not to share a root cause analysis: Lessons from Australia's Optus and Canada's Rogers...
ChatGPT ChatGPT suffers major (but swiftly fixed) outage Two outages back-to-back came the day of OpenAI's new models and services launch and appear to have grown more severe today...
utilities UK's crisis-wracked largest water company seeks help from “Digital Twins” amid crisis Training, software, analysis, data migration support and more needed as company goes to market.
OpenAI OpenAI unveils new models, capabilities OpenAI has pushed out a flurry of updates at its first developer conference – including the release of its new GPT-4 Turbo which can fit the “equivalent of more than 300 pages of text in a single prompt” – and the ability to train and run LLMs powered by proprietary datasets. Calling
AI EU investors including Bosch, SAP pump $500 million into "sovereign" AI firm Aleph Alpha The investment comes as a Google DeepMind paper poured some cold water on the AI hype, finding "various failure modes of transformers and degradation of their generalization for even simple extrapolation tasks" if these are out of its training data domain.
Outages 40-hour Cloudflare outage: Tier 3 DC power failure exposes unknown software dependencies, triggers rethink "Dependencies shouldn’t have been so tight, should have failed more gracefully, and we should have caught them"
CISO As SEC’s SolarWinds charges reverberate, companies scrutinise cyber risk disclosures 'Do not state anything that is subjective and avoid adjectives (e.g., "state of the art," "mature," "advanced," "appropriate," "comprehensive," or "reasonable")' say experts.
AI Biden's AI Executive Order to create standards for identifying "AI-generated content and authenticating official content" Order also demands "strong new standards for biological synthesis screening" and follows UK concerns around
AWS How to Shrink EBS Volumes "Unfortunately, the size of an existing EBS volume cannot be decreased. Instead, it is possible to create a smaller volume and move the data using tools such as rsync, at the cost of pausing the system’s write operations during the migration..."
ransomware English-speaking ransomware group expanding ops, deploying diverse tools, threats Both blunt and more advanced social engineering approaches used for initial access; the group also has sophisticated hands-on-keyboards capabilities and a diverse toolset.
ransomware Was this the most vanilla ransomware attack ever? "VPNs pose a threat to enterprise security. They create a path in the network perimeter and provide access to network resources after authentication..."
Azure Azure West Europe wobbles after generator failover fail Upstream utility disturbance triggers brief bout of sweating with "a small amount of storage nodes" needing to be recovered manually in the wake of the Azure incident,