Critical Misconfiguration Found in Google #Kubernetes Engine (GKE) - Posing a threat to over 250,000 clusters. Any #Gmail account could exploit it to take control of your clusters.
Features the Cybersecurity and Infrastructure Security Agency post, "CISA, FBI and EPA Release Incident Response Guide for Water and Wastewater Systems Sector."
If your first instinct is to try and find blame when a security vulnerability is pointed out...
...you have already created an environment where everyone will hide issues from you.
You currently live in a fake reality where you think everything is fine and you have no idea the rot that is underneath you.
If you fire or punish a person every time a vulnerability is found, you will have no one left. Hell, fire yourself first to save us all the trouble.
Vulnerabilities exist. The world changes. Software changes. Attacks change. Business needs change.
Life is fucking impermanence.
So create an environment where folks come to you quickly and tell you what needs to be fixed as they find it.
How do you do that?! Reward vulnerability discovery. Reward mitigations. Reward patch management. Reward security improvement. Reward safety improvement.
🚨 Alert: Ivanti releases updates for a critical #security vulnerability (CVE-2023-39336 / CVSS 9.6) in Endpoint Manager, which poses a risk of remote code execution on vulnerable servers.
👩💻 80% of today's data breaches involve compromised identities, including cloud and SaaS credentials. Find out how Nudge Security can help you monitor your SaaS attack surface and protect your valuable assets.
Le Profezie di Sam Altman! Tra cambiamenti epocali di internet, reddito universale ed energia pulita. Facciamo il punto
Sam #Altman è il CEO di #OpenAI, la #startup che ha sviluppato #ChatGPT che conosciamo tutti. Nel novembre 2023 è stato improvvisamente licenziato dal consiglio di amministrazione e trasferito per un breve periodo a #Microsoft. È tornato dopo che tutti in OpenAI hanno minacciato di dimettersi.
New Year’s Eve: Musings on Y2K
At 3pm PST on 31 December, 1999, I sat down at the computer in my home office in Yakima, Washington. I logged remotely into the network at HQ and started monitoring our systems. The most critical moment would come at 4pm local time. We were in Pacific Standard Time (PST), -0800 UTC. In other words, at 4pm in Yakima, it would be midnight in Greenwich, England, where the time zone aligns with Coordinated Universal Time. (Coordinated Universal Time is abbreviated as UTC, not CUT, because there are actually other languages in the world besides English, and… never mind. Look it up if that story interests you).
Anyway.
The GPS satellites run on UTC, and our entire multi-state operation depended on GPS timing. My first hint of system failure because of a Y2K bug would occur at midnight, UTC.
Beginning at 3:55pm I began testing the major system once a minute. At 4:05pm I sent out the notice to corporate management that all was well.
I tested hourly, then, but the next critical moment wasn’t until 9pm PST, which was when midnight occurred on the US East Coast. Our equipment was all in MST and PST, but some of our many telecom providers might have systems with local time coordination in some other US time zone. (They’d all be using GPS now, but – this was 1999, and US telecommunications had plenty of legacy systems with other clocking methods).
In the end, nothing failed. Our entire system worked.
This wasn’t because Y2K was overblown.
It was because we replaced our billing system, which wasn’t able to generate an invoice after the date flip.
It was because we did software updates on several proprietary systems that would have failed.
It was because we did firmware updates, too.
Equipment inventories.
Application inventories.
Operating system inventories.
Software version inventories.
Firmware version inventories.
The reason January 1, 2000 seemed like such an ordinary day is because of the MASSIVE amount of work and money spent to make it ordinary. There are unsung heroes around the world who put in the work to update or replace systems that would’ve failed otherwise.
If you’re one of those people, I would love to hear your story.