vulnerabilities
Exploit released for fresh Fortra GoAnywhere bug: CVSS 9.8 and again, nasty. Patch up.
A 10-line exploit is now widely available. Unpatched instances *will* come under attack.
job of the week
Job of the Week: Head of IT Transformation, Allianz
Allianz more broadly has successfully ditched mainframe-based core IT applications for x67 servers with Linux operating systems.
vmware
VMware is "killing off" 56 products amid "tectonic" infrastructure shift
Goodbye vSphere Hypervisor. Goodbye Aria Operations. Goodbye NCX. Goodbye HCX. Goodbye more acronyms than we know what to do with; though Broadcom does; at least as standalone SKUs...
AI
Microsoft open-sources “TaskWeaver” AI framework
Stateful. A Web UI. Customisable plugins. Six LLMs supported. Nice work, Microsoft.
Cybersecurity
Ivanti VPN appliance exploitation now happening at scale
VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."
Cloud
Google Cloud is NOT magicking away data egress fees
GCP's somewhat limited move to drop "cloud switching" charges is aimed squarely at Microsoft.
X
SEC’s X account hacked: Unlike Mandiant, no MFA was in place
"The SEC has not approved the listing and trading of spot bitcoin exchange-traded products"
Cybersecurity
Software licensing bug percolates pre-auth RCE risk downstream to PLC-land
Another arguably more potent example and one actively exploited in the wild is CVE-2023-46604 – a CVSS 10 RCE vulnerability in Apache ActiveMQ; an open source message broker written in Java.
AWS
AWS rattles customers with unclear warning over mystery "recent CVE"
Warns users it will terminate affected tasks, but leaves a lacuna... (Fear not, we're here with details)
Epstein
US Courts files system crashes as new Jeffrey Epstein files drop
Proposal that Bill Clinton come to court "a transparent ploy by Plaintiff to increase media exposure for her sensational stories through deposition side-show"
AI
AI predictions for 2024?
"No serious user-facing product will display GPT-4-generated output given its legal issues that will continue and become even more serious throughout 2024; new architectures competing with Transformer, such as Mamba, will appear..."
Cloud
UK gas utility eyes "high-risk" shift to Azure, frets over ICS security
"A requirement to bring unmanaged and unsupported ICS devices under proper governance and control..."