Citrix Citrix zero day used to attack critical infrastructure -- IOCs and detections now available Attackers dropped a webshell, collected and exfiltrated Active Directory data, then ran into some healthy obstacles...
SAP SAP CEO: Generative AI comes with a "30% premium" - could customise your on-prem deployments "We sit on data of over 400,000 customers and their material flows, financial flows, employee customer data. We are taking this data… to benchmark and give business process recommendations"
procurement Software spending plummets as CFOs batten down the hatches; SaaS firms hike prices CFOs are scrutinizing net-new spending more aggressively than ever while "new product purchases emphasize 2023’s mission-critical priorities: growth, sustainability, and security"
Members only encryption The world’s first fully specified, end-to-end encryption standard just landed. That's big. Here’s what you need to know about Messaging Layer Security (MLS) as it becomes an official standard in a move welcomed by AWS, Android, Cisco, Matrix and many more.
Citrix Critical pre-auth RCE Citrix Gateway vulnerability is under active attack and looks bad There are approximately 38,000 Citrix Gateway appliances exposed to the public internet and a whole host of internet traffic flows through Citrix ADC...
encryption RFC 9420 aka Messaging Layer Security (MLS) – An Overview MLS achieves its low complexity through the use of a binary tree. This means that the number of required operations and the payload size do not increase linearly with the group size but rather only logarithmically after a short warm-up period...
public sector Eight years in, £2 billion spent, and nothing to show bar a big fat interoperability hole Astonishingly the Home Office, already under pressure over interoperability challenges “does not know how many vendors provide" control room systems across 108 service stations...
economy UK corporate insolvencies spike to the highest levels since 2008 "Zombie companies are likely to be early casualties of rising interest rates. However, if their demise frees up staff and properties for use by more profitable companies, the long run effect could be a boost to UK productivity..."
Members only Cybersecurity "WormGPT" gives cybercriminals their own LLM A dangerous Large Language Model trained on malware data sets is being used to launch BECs.
Citigroup Citi’s tech spend hits $3 billion in Q2, as CFO highlights in-sourcing efforts Citigroup spent the equivalent to some $50 million on technology every single working day over the past quarter..
Opinion Unleashing automation platforms to transform IT infrastructure management With event-driven automation companies can move significantly closer to achieving fully automated IT infrastructure management.
cybersecurity Microsoft strengthens key storage after China incident – admits “validation error in Microsoft code” Redmond has since "substantially hardened key issuance systems... this includes increased isolation of the systems, refined monitoring of system activity, and moving to the hardened key store used for our enterprise systems..."
Members only carbon emissions UK gov’t eyes £4 million GHG emissions software upgrade HMG wants a "new software approach which streamlines the system, using standard architecture across all inventory sectors to store, analyze, and report emissions"
Opinion Product support is much more than keeping customers happy Support is changing. Just as the generational shift from on-premise to cloud revolutionized computing deployment and consumption, it also led to a profound swing away from traditional support models.
sonicwall Critical SonicWall vulnerabilities "extremely attractive" - central firewall hub needs urgent patching Multiple critical unauthenticated SQL injection bugs and hard-coded credentials as well as command injection, and file upload bugs need urgent patching.
Blockchain Google allows NFTs into Play Store Google has updated its app store policy, and now the NFTs can come out to Play...
artificial intelligence Global AI Index: US and China lead investment, as Israel and Singapore punch above weight The scramble for a piece of the AI pie is on, but US and China remain on top when it comes to raking in the profit
Azure Microsoft clams up over critical Azure key breach, security incident as attackers breach US agencies Following a major security breach involving US federal agencies, Microsoft refuses to provide details on the incident
ransomware Ransomware payments in 2023 to hit $898.6 million as Big Game hunting returns with a vengeance Have you tested and do you have the capability to restore your Active Directory or whatever IAM technology you use in the wake of a devastating incident?
MTTD Combating hacker dwell time: Why mean time to detect (MTTD) alone can’t be trusted MTTD, as things currently stand, cannot be relied upon exclusively as a metric to measure the effectiveness of data breach detection.
Members only CIO Featured Q&A: NATO's first CIO Manfred Boudreaux-Dehmer on priorities and progress "NATO finds the organically grown ‘IT garden’ in need of some pruning, cleanup, and restructuring. My focus is to pivot to a centrally anchored Enterprise Architecture..."
Patch Tuesday This Microsoft zero day is under active attack and there’s no patch Happy Patch Tuesday: Have some critical SAP vulnerabilities affecting pretty much every internet-facing product whilst you're at it...
patching Apple pushes urgent security fix for exploited zero day – then kills it after websites broke Risk arbitrary code execution or face howls from users unable to access Instagram? Priorities, priorities -- but a fresh fix is coming after initial RSR rolled back.
News New transatlantic data transfer agreement comes after "unprecedented" US spying commitment US companies will be able to join the new EU-US Data Privacy Framework “by committing to comply with a detailed set of privacy obligations" -- but will it be back in court soon?