PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process.

Many of the benefits of running Kubernetes come from the efficiencies that you get when you share the cluster – and thus the underlying compute and network resources it manages – between multiple services and teams within your organization. Each of these major services or teams that share the cluster are tenants of the cluster – and thus this approach is referred to as multi-tenancy.

Netskope Threat Labs spotted a new crypto-phishing attack that aims to steal sensitive data from crypto wallets, including private keys and security recovery phrases, disguising itself as a service to revoke stolen ERC (Ethereum Request for Comments) assets. The page was created and hosted with Netlify, which is a free cloud service to create websites and apps.

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

The length of an average SOC 2 audit depends on a lot of variables, but with Vanta, customers can get a SOC 2 Type I report in weeks, and a SOC 2 Type II report within months. ‍ Audit timelines are difficult to project because each organization has different capabilities, resources, and goals. But after helping thousands of businesses tackle SOC 2 audits, we’ve developed a reliable timeline of what most customers can expect. ‍

SecurityScorecard, the global leader in cybersecurity ratings, commented on the Federal Energy Regulatory Commission’s (FERC or “Commission”) proposal to establish rules for incentive-based rate treatments for certain voluntary cybersecurity investments by utilities. Cybersecurity is among the greatest threats to the resilience and reliability of America’s critical infrastructure, including its electricity infrastructure.

Digital transformation in banking began following the creation of the internet in the 1990s as a way for banks to deliver services to their customers more conveniently. Today, it has completely changed how most people interact with their banks. From opening a new account to making transactions and applying for loans, you can access all banking services directly from your computer or smartphone.

Nightfall customers have always lauded the platform’s ease of use and simplicity, but our team is always hard at work looking for ways to improve user experience. This month, we’ve made multiple features GA across the platform, that will further your ability to further customize what content and files trigger Nightfall detectors as well as the ways you can ingest this data.

Hack weeks and hack-a-thons are like foosball tables; if you don’t have them, are you even a tech company? These events, once revered for innovation, are now relegated to being blasé and often perceived as little more than playtime for engineers. As someone who’s worked in tech for longer than I care to admit, I had started to ignore them - until I came to Forward Networks.