Windows Zero-Day Exploited by New 'SandCat' Group

SecurityWeek | December 12, 2018

Experts believe that the Windows kernel zero-day vulnerability fixed this week by Microsoft with its Patch Tuesday updates has been exploited by several threat actors, including a new group. The actively exploited vulnerability, tracked as CVE-2018-8611, has been described by Microsoft as a privilege escalation issue related to the failure of the Windows kernel to properly handle objects in memory. The flaw was reported to Microsoft by researchers at Kaspersky Lab. This was the third month in a row Microsoft patched a Windows zero-day reported by the cybersecurity firm – in October it fixed CVE-2018-8453, which had been exploited by FruityArmor, and in November it resolved CVE-2018-8589, which had been used by multiple threat groups in attacks mostly aimed at the Middle East. Kaspersky has described CVE-2018-8611 as a race condition in the Kernel Transaction Manager. The company says the vulnerability can be used not only to escalate privileges, but also to escape the sandbox of the Chrome and Edge web browsers. “This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox. Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers,” Kaspersky explained. The security firm says it has found several builds of an exploit for this vulnerability, including one adapted for the latest versions of Windows.

Spotlight

DevOps is a set of operating practices supplemented by tool kits that promise to transform the speed and quality with which IT organizations deliver applications and services to businesses. However, the euphoria associated with the concept and its benefits has not been matched by its actual adoption. This is largely due to three major stumbling blocks: the state of organizational preparedness; the number of extant heritage applications and systems in an IT landscape; and concerns about reliability, security and compliance.

Spotlight

DevOps is a set of operating practices supplemented by tool kits that promise to transform the speed and quality with which IT organizations deliver applications and services to businesses. However, the euphoria associated with the concept and its benefits has not been matched by its actual adoption. This is largely due to three major stumbling blocks: the state of organizational preparedness; the number of extant heritage applications and systems in an IT landscape; and concerns about reliability, security and compliance.

Related News

FUTURE TECH

The Innovation Labs Preferred Partner Program helps BMC focus on the future

BMC | June 03, 2022

BMC, a global leader in software solutions for the Autonomous Digital Enterprise, introduced the BMC Innovation Labs Preferred Partner Program, a high-touch, a highly collaborative co-innovation program designed for and by BMC partners and clients. The program focuses on ideation and experimentation in order to build and market modern technology solutions that will assist customers in their Autonomous Digital Enterprise journey. The BMC Innovation Labs Preferred Partner Program was established to give partners dedicated facilities to develop new and disruptive concepts that go beyond traditional enterprise IT. It encourages new ideas and viewpoints, and it employs group ideation through a diverse partner ecosystem to anticipate and respond to customers' requirements more rapidly and efficiently. Customers can also help accelerate the innovation process by engaging with BMC, and its Innovation Labs recommended partners to design, test, and provide real-time feedback on new ideas. "Working with BMC Innovation Labs is powerful and exciting. It's all about collaboration, agility and creativity, constantly driving the development of innovation solutions that accelerate the business outcomes for our joint customers, and giving them the differentiation they seek. As experts in digital enterprise management solutions, we value the impressive ecosystem that BMC is beginning to assemble. We're excited to extend our 25-year partnership with BMC and bring CyberMAK's industry domain knowledge and technological expertise to the table as we co-innovate on market-changing solutions that will truly move the needle for our customers." Colin Miranda, CEO at CyberMAK Digital transformation alters the way businesses function and provide value to their customers. This necessitates firms across all industries challenging the current quo, experimenting, and becoming accustomed to constant iteration. The Innovation Labs were launched by BMC in 2020, with programming originally focusing on co-innovation across industries such as oil and gas, retail, customer service, transportation, and communications service providers. Artificial intelligence, machine learning, the Internet of Things, knowledge analytics, blockchain, and big data automation will all be part of the program. "BMC has a history of innovation to help our customers continue to transform. Today, we have our eye on the future, and our partners play an important role," said Ram Chakravarti, chief technology officer at BMC. "Our innovation ecosystem aims to bring together some of the industry's brightest minds to design game-changing solutions, test and apply new technologies – and ultimately build aligned technology roadmaps for commercially viable solutions. We are excited to showcase the power of our partnerships to help organizations around the world solve real-world business challenges in their Autonomous Digital Enterprise journey."

Read More

GENERAL AI

Deloitte partners with IIT Roorkee to develop AI talent

Deloitte | June 01, 2022

Deloitte and IIT Roorkee have formed a strategic partnership to conduct rigorous, immersive artificial intelligence (AI) and machine learning (ML) programs aimed at developing the next generation workforce. This partnership intends to change the way businesses and universities collaborate to close the AI talent gap and develop future leaders with advanced AI skills. In addition, this collaboration can provide Indian talent with industry-relevant capabilities in new-age tools and create a blueprint for AI's future. Deloitte's partnership with IIT Roorkee aligns with the Indian government's "Digital India" goal, which aims to create a digitally empowered society and knowledge economy. AI proficiency will be critical in addressing current, emerging, and future employment opportunities, as well as in helping to make the workforce market-ready, given India's large pool of tech-savvy talent, robust technology ecosystem, proliferating opportunities requiring digital skills in all fields, and growing innovation-led entrepreneurship. "We at Deloitte are committed to developing new talent with the right skill sets to deliver on the benefits of AI for business and all of society. As we look to facilitate our clients' journeys to becoming AI-fueled organizations, our collaboration with IIT Roorkee will educate future business leaders, instilling AI proficiency designed to broaden the pool of business-ready, AI talent." Jason Girzadas, managing principal, businesses, global and strategic services, Deloitte Consulting LLP The Indian Institute of Technology, Roorkee, is one of the most prestigious institutes for higher technological education, engineering, and applied research in the country. The Institute, which is celebrating its 175th anniversary, has played a critical role in disseminating technical knowledge and the pursuit of research. The Institute is one of the world's best technological institutions, contributing to all aspects of technological growth. In the domains of science, technology, and engineering, it is regarded as a trailblazer in terms of teaching and research. "The Deloitte AI Academy's collaboration with IIT Roorkee brings together in-depth business knowledge, mastery of technology and the rigor of academics to provide practitioners with an immersive learning experience that will accelerate their careers and help them thrive in the increasingly dynamic AI market," said Nitin Mittal, principal, U.S. AI leader, Deloitte Consulting LLP and Vishal Sharma, president and national managing director, Deloitte Consulting US India. Deloitte is a leader in AI, intending to become the No. 1 talent destination for people wishing to help businesses become AI-Fueled. The Deloitte AI Academy offers a complete learning experience by bringing together an education ecosystem, including academics, technology startups, corporate learning providers, and Deloitte AI experts. The Deloitte AI Academy, which will open in September 2021, aims to train up to 10,000 professionals in the United States, India, and other countries over the next four years.

Read More

AI TECH

SysAid launches AI Service Desk, a chatbot on Microsoft Teams

SysAid | June 30, 2022

A conversational chatbot within Microsoft Teams that is powered by SysAid's IT automation capabilities has just been launched, according to the leading provider of IT service automation SysAid. The AI-powered service desk improves the employee experience while reducing the amount of time that employees and IT specialists spend on ticket resolution. It also enhances productivity and frees them up to concentrate on creating new business value. Due to changing workplaces, organizations are dealing with two problems. Following the Great Resignation, organizations have made empowering people a top priority. As a result, employees have higher expectations and want to get the help they need whenever and wherever they need it, including IT service. However, the shift to remote and hybrid work provided a significant problem for IT teams due to the proliferation of cloud-native environments, multiple devices connected to business systems, and numerous app integrations. The reality of hybrid work is continuously changing, which has raised the workload for IT departments, overwhelmed personnel, prolonged resolution times, and heightened employee resentment. Both issues are addressed by the new AI Service Desk, ensuring that employees have the experience they want and removing the obstacles IT teams face in trying to keep up with employee demands. With Microsoft Teams, a platform that has experienced remarkable growth and has over 270 million users worldwide, employees are given the ability to design and manage their IT service demands. Employees can easily and quickly resolve IT issues thanks to the employee-centric service desk, which autonomously calculates the necessary steps, routes and escalates tickets, automates activities, and activates workflows to answer requests. In addition, the Microsoft Teams bot will soon get NLP (Natural Language Processing) driven features that will allow it to respond to staff inquiries based on knowledge base articles. "We have been working hand in hand with IT professionals from every industry for many years, and are acutely aware of the shifting challenges facing our customers, with high-volume low-value tasks bogging IT teams down. Automation and self-service capabilities are not only the key to letting IT teams get back to creating new value, they are the only feasible method of adapting to whatever changes the future of work may hold. We are proud to bring this critical tool to our customers, enabling them to scale in any work environment." Sarah Lahav, CEO of SysAid In order to focus on their own responsibilities and speed up the successful settlement of IT issues, employees may now open, manage, update, monitor, and close tickets without ever leaving their work surroundings. Additionally, the AI Service Desk gives IT departments the ability to inspect, safeguard, and manage their assets directly from SysAid's service desk, increasing organizational visibility and improving the administrative experience.

Read More