February

70% of CIOs anticipate their involvement in cybersecurity to increase

2023-02-01 04:30

Budgets expected to increase despite economic concerns. Foundry's research shows that CIOs are optimistic about budgets going into 2023, despite the state of the economy.

#CIO #cybersecurity

Mix of legacy OT and connected technologies creates security gaps

2023-02-01 04:00

While machine-to-machine communication and machine learning have helped industrial firms improve quality, maintenance and machine life, many are now using a complicated mix of legacy OT and connected technologies that is rife with security gaps. Their current OT security solutions often need more visibility into IoT, mobile and wireless assets.

#OT #security

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

2023-02-01 03:14

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations.

#supplychain #vulnerabilities #CVE-2022-26872 #CVE-2022-40259 #CVE-2022-40242 #CVE-2022-40258 #CVE-2022-2827

New Sh1mmer ChromeBook exploit unenrolls managed devices

2023-02-01 00:02

A new exploit called 'Sh1mmer' allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish and bypass device restrictions. To bypass these restrictions, security researchers from the Mercury Workshop Team have developed a new exploit called 'Shady Hacking 1nstrument Makes Machine Enrollment Retreat', or 'Sh1mmer,' that lets users unenroll their Chromebooks from enterprise management.

#chromebook #exploit