A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report. A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to view the contents. After notifying the owner, Swedish security giant Securitas, on October 28 2021, the firm secured the database a few days later on November 2. Inside…

Despite diversity being a much-discussed topic in the tech industry, representation for Black tech workers is still not where it needs to be, with African Americans holding just 7% of positions in the tech industry, and only 2% of tech executive roles, according to data from the Diversity in High Tech report published by the US Equal Employment Opportunity Commission. Moreover, Black IT pros — even those in leadership positions — still encounter unique challenges both in the…

The worldwide supply chain challenges that plagued companies in multiple industries throughout 2021 are continuing this year. One potentially effective solution for addressing supply and demand issues is to leverage data analytics. Professional services and consulting firm KPMG in a recent report notes that several major disruptions are currently affecting supply chains. These include the ongoing global logistics disruptions stemming from the COVID-19 pandemic that continue to impact businesses and consumers — as the flow…

According to Gartner, operational resilience is defined as “initiatives that expand business continuity management programs to focus on the impacts, connected risk appetite, and tolerance levels for disruption of product or service delivery to internal and external stakeholders.” If the word “disruption” sounds familiar, it’s because we’re living in one of the most volatile times in recent history. The COVID-19 pandemic created major challenges for supply chains and third-party relationships, which in turn has had…

US law enforcers are urging participants at the Beijing Winter Olympics to leave their devices at home after warning of potential state-backed and cybercrime activity at the event. An FBI alert issued yesterday claimed it was aware of no specific threat to the games but urged “partners” to remain vigilant. While strict Communist Party COVID restrictions mean no foreign spectators will be allowed to attend the Olympics or Paralympics, athletes could be targeted, the Feds…

Exploit Framework – Metasploit CVE-2021-44228 Windows HTTP Protocol Stack CVE-2022-21907 PolicyKit (polkit) – Local Privilege Escalation CVE-2021-4034 Microsoft Edge (Chromium-based) CVE-2022-0108, CVE-2022-0109, CVE-2022-0104, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0120, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0118, CVE-2022-0098, CVE-2022-0099, CVE-2022-0096, CVE-2022-0097 APSB22-01 CVE-2021-44701, CVE-2021-44702, CVE-2021-44703, CVE-2021-44704, CVE-2021-44705, CVE-2021-44706, CVE-2021-44707, CVE-2021-44708, CVE-2021-44709, CVE-2021-44710, CVE-2021-44711, CVE-2021-44712, CVE-2021-44713, CVE-2021-44714, CVE-2021-44715, CVE-2021-44739, CVE-2021-44740, CVE-2021-44741, CVE-2021-44742, CVE-2021-45060, CVE-2021-45061, CVE-2021-45062, CVE-2021-45063, CVE-2021-45064, CVE-2021-45067, CVE-2021-45068 Microsoft Office Word CVE-2022-21842…

Water and wastewater treatment may not be at the top of most people’s list of discussion topics, but the more you think about it, the more clear it becomes that this particular subsegment of the utilities market is a vital part of our critical infrastructure. We rely on the ability to turn on the tap and get clean, safe water every day. And we’ve seen what havoc losing that ability can wreak from the crisis…

The US government has added eight more vulnerabilities to its growing list of CVEs that must be patched by federal agencies, including some that first appeared eight years ago. The Cybersecurity and Infrastructure Security Agency (CISA) first launched its Known Exploited Vulnerabilities Catalog in November 2021 as part of a government effort to enhance cyber-resilience. The Binding Operational Directive (BOD) 22-01 that enabled it applies only to civilian federal agencies, but all organizations are encouraged to monitor the…