Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

Categories

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

The Hacker News - 9 April, 2024 - 15:05
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The
Category: Hacking & Security

Canonical Makes Network Management Simpler and More Secure with Netplan 1.0

LinuxSecurity.com - 9 April, 2024 - 14:29
Canonical, the company behind Ubuntu, has introduced Netplan 1.0, a network configuration tool that simplifies networking configuration on Linux systems. Netplan acts as a control layer above network stacks like systemd-networkd and NetworkManager, allowing administrators to manage and configure them easily.
Category: Hacking & Security

CL0P's Ransomware Rampage - Security Measures for 2024

The Hacker News - 9 April, 2024 - 13:24
2023 CL0P Growth: Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the ‘CryptoMix’ ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the
Category: Hacking & Security

Yes, Apple’s Vision Pro is an enterprise product

Computerworld.com [Hacking News] - 9 April, 2024 - 12:01

Business users are picking up on Apple’s visionOS, exploring a range of mission-focused applications and prompting one leading SAP executive to call the tech, “a force multiplier for enterprises”. 

Apple improves its visionOS offer for the enterprise

Apple is aware of this, and today it announced a new developer support module called the Enterprise Spatial Design Lab. These sessions will be available later this summer and are designed to provide enterprises with support to bring apps from concept to reality.

And in a second move, Deloitte announced today it is expanding its Apple practice to include a new Academy for Apple Vision Pro. With trained experts, the Academy aims to provide a series of one-week, instructor-led courses to help business users come to grips with the potential of visionOS.

Why is business interested?

So, why are business tech leaders so excited? In the simplest terms, they see opportunities for new wearable computing interfaces using artificial intelligence (AI) to unlock productivity. Morgan Stanley analyst Eric Woodring got it right when he said in February, “The Vision Pro seems ripe for Enterprise adoption.”

Spatial computing isn’t just some kind of posh entertainment system (though it is also that); it’s an immersive augmentation environment in which computation becomes highly contextual. It also makes extensive use of AI and the on-chip Neural engine to handle tasks such as hand tracking, room mapping, and more. 

The hint that Apple expected leading edge users to work with the device first was — and still is, quite obviously — in the name (as well as the MDM support). Box CEO Aaron Levie is typical in sharing high expectations, telling me recently, “I think we’re going to look back on this period as probably the most transformative technology we’ve ever seen.”

What SAP says

SAP introduced a visionOS version of SAP Analytics Cloud on the day Apple shipped the product. It’s a tool that helps surface data-driven insights to improve business decisions. The app gives Vision Pro users a wide field of view, along with the capacity to drill deep down in data. This is not the only SAP application to make it to Apple’s new device – SAP Mobile Start is also available.

Philipp Herzig, chief AI officer for SAP SE, explained: “Going forward, we see the power of visionOS combined with generative AI being a force multiplier for enterprises.”

What Microsoft thinks

Apple and Microsoft worked together to ensure Microsoft 365 productivity apps were available with the introduction of Vision Pro. That also includes support for Microsoft’s own generative AI (genAI) companion, Copilot. “Spatial computing has enabled us to rethink how professionals can be productive and work intelligently with the power of AI,” said Nicole Herskowitz, vice president for Microsoft 365 and Teams. “With Microsoft 365 and Teams on Apple Vision Pro, your office moves with you, allowing users to view apps side by side on an infinite canvas with spatial computing for incredible multitasking and collaboration.”

Porsche races into spatial

The Porsche Race Engineer app is a unique deployment that combines data in interesting ways for use in real-life situations on the racetrack. The app combines critical car data, such as speed and braking performance, and puts this beside track conditions, car positioning, and live video from the car’s dashboard.

The idea is that the engineering teams have more insight into vehicle performance than ever before. Armed with the app, Porsche broke the US record for electric vehicles with the new Porsche Taycan Turbo GT earlier this year. This data may also be a glimmer of a future for car racing fans. “At Porsche, we’ve always been driven by dreams, and Apple Vision Pro has enabled us to reimagine track experiences,” said Oliver Blume, Porsche’s CEO.

Take to the skies

KLM Royal Dutch Airlines is building an app it calls The Engine Shop. This is designed to teach aircraft maintenance to engineering technicians using real-life “digital twins” of the aircraft concerned. The idea is that technicians can learn about these machines without the cost of taking the plane offline for the hundreds of hours such training requires. 

“We see Apple Vision Pro as a tremendous value-add that will improve our fleet availability and operations,” said Bob Tulleken, KLM’s vice president of Operations Decision Support. “Training our employees with spatial computing will lead to fewer costly errors, because the most current information they need to do their job is there in front of them as they perform the task. This means we not only get vastly more efficient in our work, but also provide a better work environment for our employees to succeed.”  

NVIDIA gets spatial design

Every professional is aware that developing design and manufacturing processes is complex and requires large amounts of data from various sources. This has led many to ponder the use of digital twins. This is realized in Vision Pro, with NVIDIA Omniverse Cloud APIs enabling developers to stream massive 3D engineering and simulation data sets from the cloud to the device, which can then run highly detailed visuals and renderings that can also be manipulated in real time. This really matters to many industries and could help them optimize product and process design.

“The world’s industries are racing to build digital twins of products, facilities, and processes to better test and optimize designs well before constructing them in the physical world,” said Rev Lebaredian, NVIDIA’s vice president of Omniverse and Simulation Technology. “Enterprises can now combine the power and capabilities of Apple Vision Pro and the physically accurate renderings of OpenUSD content with NVIDIA accelerated computing to power the next generation of immersive digital experiences.”

What Apple said

“There’s tremendous opportunity for businesses to reimagine what’s possible using Apple Vision Pro at work,” said Susan Prescott, Apple’s vice president of Worldwide Developer Relations and Enterprise Marketing. “Combined with enterprise-grade capabilities like mobile device management built into visionOS, we believe spatial computing has the potential to revolutionize industries around the world.”

While there’s evidently some build-up of hype, the proof of any dessert is in its eating, and Apple today published first-hand insights from an array of business users already exploring the potential of visionOS in scenarios as diverse as business management, training, engineering and beyond.

So, what else are enterprises devising?

Apple has published an extensive list that pretty much proves the claim that many enterprises are exploring use of Vision Pro to get things done. The activity is similar in the healthcare industry, which seems to be rapidly embracing Apple’s product for use during surgery — including use in a shoulder operation.

Webex by Cisco, Zoom, and Box are all visionOS savvy. Video conferencing gains support for Personas and Spatial Audio, while Box makes it easy for users to collaborate and securely manage files and content, including 3D objects, allowing them to intuitively bring this content into the world around them.

There’s also a new and extensive family of emergency response apps for the device. These combine real time with historical and location data to help improve incident management. For example, the FireOps app, developed by About Objects and DigitalCM, provides a unified operational view of Incident Action Plans (IAPs) to improve decisions made in life or death situations.

The list of apps is growing

Additional enterprise-focused apps that show what’s available include:

  • Lowe’s Style Studio, which lets customers visualize and design kitchens using Vision Pro.
  • JigSpace, which brings intuitive, hands-on inspection and effortless collaboration to help users communicate complex ideas, products, and processes with spatial context.
  • EnBW Energie, which enables visualization of renewable energy infrastructure projects.
  • Taqtile Manifest, which makes digital work instructions actionable with gesture or glance.
  • TeamViewer Spatial Support, which enables remote experts and service technicians to troubleshoot repair and maintenance processes.
  • BILT, which provides 3D interactive instructions with voice, text, and animated guidance for training and more.
  • Guided Work, a tool for architects, builders, and maintenance workers that provides contextual location based information, such as building schematics, work orders, and the position (if known) of plumbing, wiring and more.

Let me know as new solutions appear; I’m watching this space with interest.

Category: Hacking & Security

Feds say Microsoft security ‘requires an overhaul’ — but will it listen?

Computerworld.com [Hacking News] - 9 April, 2024 - 12:00

In early April, the US Department of Homeland Security (DHS) delivered a blistering report excoriating Microsoft’s lax security practices, which allowed Chinese spies to hack into the accounts of high-level government officials, including Commerce Secretary Gina Raimondo, Ambassador to China Nicholas Burns, and Rep. Don Bacon (R-NE). (All are in charge of the country’s relationship with China.)

Typically, government investigations like this are staid affairs, ending in pallid reports offering wishy-washy critiques and even weaker recommendations. But this 29-page DHS report pulled no punches. It laced into Microsoft, calling out its security failures and pointing to “the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed.” Microsoft’s security infrastructure is so weak, the DHS said, that the company failed “to detect the compromise of its cryptographic crown jewels on its own, relying instead on a customer to reach out to identify anomalies the customer had observed.”

It added that Microsoft had purposely issued misleading statements about the attack, with the company claiming last fall it had found the root cause of the intrusion, when even today it still doesn’t know how it happened.

The report concluded the company’s security is “inadequate and requires an overhaul.”

There’s a long history of foreign governments targeting Microsoft security holes to hack top government officials and private companies. (In January, for example, I wrote about a breach in which Russians hacked into the corporate accounts of Microsoft’s top executive team and staff and stole email and documents.)

Nothing seems to have changed since then, and it’s not clear whether the company’s security practices will change. To get a better sense of what the company might (or might not) do, let’s look at the Chinese hack.

What Microsoft did wrong

The DHS Cyber Safety Review Board’s report lays out the Chinese hack and Microsoft’s response in exquisite detail, revealing what the Washington Post calls Microsoft’s “shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency.”

The attack was engineered by the Storm-0558 hacking group — doing the bidding of China’s most powerful spy service, the Ministry of State Security. Storm-0558 has a history of carrying out espionage-related hacks of government agencies and private companies dating back to 2000. Until now, the best-known one was Operation Aurora, brought to light by Google in 2010. The Council on Foreign Relations called that attack “a milestone in the recent history of cyber operations because it raised the profile of cyber operations as a tool for industrial espionage.”

According to the DHS report, the most recent hack took place after Storm-0558 got its hands on a “Microsoft Services Account (MSA) cryptographic key that Microsoft had issued in 2016.” Using the key, Storm-0558 forged user credentials and used them to log into government accounts and steal emails of Raimondo, Burns, Bacon, and others.

There are other unsolved mysteries. The key should only have been able to create credentials for the consumer version of Outlook Web Access (OWA), yet Storm-0558 used it to create credentials for Enterprise Exchange Online, which the government uses. Microsoft can’t explain how that can be done.

There’s worse. That 2016 key should have been retired in 2021, but Microsoft never did so because the company had problems with making its consumer keys more secure. So the key, and presumably many others like it, remained as powerful as ever. And Storm-0558 did its dirty work with it.

This series of events — a key that should have been retired was allowed to stay active, the theft of the key by Storm-0558, and then Storm-0558’s ability to use it to forge credentials to get access to enterprise email accounts used by top government officials, even though the key shouldn’t have allowed them to do so — represents the “cascade of errors” the DHS said Microsoft committed.

Making it all worse was the claim by Microsoft that it knew how the hack had been done, which was untrue. 

Will Microsoft really change its security culture?

Microsoft has been criticized for years for these kinds of attacks, and yet they continue. Will this time around be different?

Microsoft’s public response sounds as if it’s going to be business as usual. The company didn’t even take direct responsibility for the hacks. It told the Washington Post, “recent events have demonstrated a need to adopt a new culture of engineering security in our own networks. While no organization is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks.”

That’s about as mealy-mouthed a statement as you can make. And it’s especially mealy-mouthed because this hack required no feats of legendary hacking — just the use of an old encryption key that should have been deleted years ago. If Microsoft had followed basic security practices and taken that one simple step, none of this would have happened.

More disturbing is that the Russian hack of Microsoft officials in January was caused by a similar oversight: Microsoft forgot to delete an old test account, and hackers used basic techniques to break into it. Once they did that, they used the account’s permissions to steal emails and documents from Microsoft’s senior management and people who worked on its cybersecurity and legal teams, among other functions.

The Biden administration released a new National Cybersecurity Strategy more than a year ago. A fact sheet that went along with it warns, “Poor software security greatly increases systemic risk across the digital ecosystem and leave American citizens bearing the ultimate cost. We must begin to shift liability onto those entities that fail to take reasonable precautions to secure their software.” 

In the Russian and Chinese hacks, by no stretch of the imagination can you say Microsoft has taken “reasonable precautions” when it comes to cybersecurity — very much the opposite. But Congress has yet to take action against the company, for example, by taking away some of the many billions of dollars a year the government pays the company for software, the cloud, and other services.

There’s no way to know whether this time Microsoft will clean up its cybersecurity oversight. But if it doesn’t, the company isn’t the only one to blame. The federal government will share the fault as well, because so far it hasn’t even bothered to slap the company on the wrist.

Category: Hacking & Security

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

The Hacker News - 9 April, 2024 - 09:24
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet
Category: Hacking & Security

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

The Hacker News - 9 April, 2024 - 07:46
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
Category: Hacking & Security

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials

The Hacker News - 9 April, 2024 - 07:30
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing a transformative shift toward cloud-based offerings. One Identity PAM Essentials stands
Category: Hacking & Security

About the Best Places to Work in IT

Computerworld.com [Hacking News] - 8 April, 2024 - 23:26

Great news: Nominations are now open for Computerworld’s 2025 Best Places to Work in IT list. Nominate your organization today!

About the Best Places to Work in IT program

Computerworld conducts an annual survey to identify the best places to work for IT professionals. We invite readers, PR professionals and other interested parties to nominate companies they consider great employers for IT workers. You may nominate your own company. We then ask those nominated companies that meet our basic criteria to participate in our survey.

Once again, we are excited to extend this program, which has a 31-year history in the United States, to companies worldwide.

The employers in the Best Places list are evaluated by company size: Large companies have 5,000 or more employees; midsize have between 1,001 and 4,999 employees; and small companies employ from 100 to 1,000.

For a list of the 2024 honorees and more, please see our Best Places to Work in IT 2024 special report.

To be eligible, companies must have a minimum of 5 IT employees and a minimum of 100 total employees. We consider IT employees to be those IT workers who provide technology support and services to their own company — or to multiple companies through their work at an IT service provider. Workers who would *not* be included are administrative support staff for the IT department, staff who work in communications or PR for the technology department, IT contractors, or those staff whose primary role is in product development for outside sales.

Best Places to Work in IT is a global program. We ask that companies submit no more than one survey within any one country. If your company operates in multiple countries and you would like to submit a survey for your location only, please note this in the company name field (e.g., “Foundry North America” or “Foundry Germany”). If no location is specified in the company name, we will assume that the entry represents all locations worldwide.

In most cases, we prefer to have the parent company, rather than subsidiaries or affiliates, apply for the Best Places to Work in IT list. However, a subsidiary or affiliate may be eligible, providing that it stands out as a separate entity from the parent company, with separate business functions, IT leadership and so on. A subsidiary may also be eligible to apply separately if its parent company is a holding company. In those cases, the parent company and subsidiary may be able to apply separately. We encourage companies to complete the nomination form or contact us at [email protected], and our Best Places research team will evaluate the submissions on a case-by-case basis.

Questions about the Best Places to Work in IT program can be emailed to [email protected].

Frequently asked questions

Survey requirements and eligibility

Does my company have to be nominated to complete the survey?

No. Companies may participate even if they were not nominated. In lieu of a nomination, please send an email to [email protected] with the name and contact information (including email address) of the individual who should receive the company survey and other information; we’ll take care of the rest.

Does the Best Places to Work in IT list include public companies only?

No. The survey includes private as well as public companies.

What criteria must my company meet to participate?

To be considered for our Best Places to Work in IT list:

  • Companies must have a minimum of 5 IT employees.
  • Companies must have a minimum of 100 total employees worldwide.
  • In most cases, we prefer to have the parent company, rather than subsidiaries or affiliates, apply for the Best Places to Work in IT list. However, a subsidiary or affiliate may be eligible, providing that it stands out as a separate entity from the parent company, with separate business functions, IT leadership and so on. A subsidiary may also be eligible to apply separately if its parent company is a holding company. In those cases, the parent company and subsidiary may be able to apply separately. We encourage companies to complete the nomination form or contact us at [email protected], and our Best Places research team will evaluate the submissions on a case-by-case basis.

Who should complete the survey?

An individual familiar with employment statistics, benefits, policies and programs of your IT department and your company should complete the survey. This could be a human resources representative, a CIO or corporate PR representative — or a team of all the above.

Survey contents and procedures

What does the company survey ask?

Our online survey includes questions about companies’ benefits, training and development, IT salary changes, percent of IT employees promoted, IT turnover rates, and the percentage of women employees in management in IT departments. In addition, we will collect information about diversity, equity and inclusion (DEI) programs, remote/hybrid working, and company growth.

Which employees are considered “IT workers” in this survey?

Answers to the survey should be based on those IT workers who provide technology support and services to their own company — or to multiple companies through their work at an IT service provider. Workers who wouldn’t be included are administrative support staff for the IT department, staff who work in communications or PR for the technology department, IT contractors, or those staff whose primary role is in product development for outside sales.

What happens if I leave a question blank on the survey?

You can’t leave a question blank if it is required. Many of the questions on the survey are required; the survey can’t be processed if they aren’t answered. Please answer to the best of your ability for questions with lists or options included. If any open-ended/text based questions aren’t applicable to your company, please indicate “NA” for “not applicable.” If there is a question you can’t answer fully given the format of the survey, you may briefly explain your answers in an addendum field that follows each survey section.

Companies that withhold information used to rank the finalists will have points deducted from their ranking. Answers that are left blank or have unexplained N/As will be assumed to be 0 (zero).

Companies must provide answers to questions related to data we run in our feature story and graphics in order to be considered. Please see below for the types of required information that are typically shared publicly.

Can I save my survey and come back to it at a later date?

Yes. You will be able to save your partially completed survey as many times as necessary. Please save your unique URL to re-enter the survey. When you return to the survey, you will be able to review/modify questions that you have already answered. However, we will continue to provide a printer-friendly version of the survey, and we recommend that you complete this survey, then enter your answers online.

How should I send my company’s information to Computerworld?

We accept company information from the online survey only. Please enter all data as accurately as possible. Provide company name, location, web address and other information, as you would like it to appear in print.

Can I get a copy of the survey to review before I go to the online survey and submit my company’s information?

Yes. A printer-friendly version of the 2025 Best Places company survey can be downloaded for reference. We encourage participants to complete the printer-friendly version offline before filling out the online survey.

Download: 2025 Best Places to Work in IT Company Survey
Printer-friendly copy of the 2025 Best Places to Work in IT company survey.

Will Computerworld provide us with a copy of our submitted survey?

Upon request, Computerworld will email you a PDF of your company’s survey responses.

Is there an employee portion to the survey?

There is no longer an employee survey portion to the survey. Computerworld decided to make this change in the 2023 program to streamline the process for global participation and to enable companies with smaller IT departments to participate. In lieu of the employee survey portion of the program, Computerworld will be inviting a panel of judges consisting of industry experts to evaluate entries and confirm this year’s honorees.

List publication and notification

When will the list of honorees be published?

The Best Places to Work in IT honorees will be announced in December 2024 on Computerworld.com.

When can I find out if my company is on the list?

Computerworld will notify companies that will be honored as a 2025 Best Place to Work in IT several weeks in advance of publication. Computerworld’s marketing group contacts honorees to offer assistance with press releases.

Is there a timeline to which I can refer for survey action items?

Below is the 2025 Best Places to Work in IT timeline.

Week of April 8, 2024

Nominations open for the 2025 Best Places to Work in IT. Nominated companies receive an email with a unique link to the Best Places company survey from Computerworld by the second week of April. Thereafter, company surveys will be sent on a rolling basis.

Monday, July 1, 2024

DEADLINE: Completed Best Places company survey is due to Computerworld.

November 2024

Best Places to Work in IT honorees are notified of their status.

December 2024

List of Best Places to Work in IT honorees is available online.

What information will be shared publicly?

Computerworld tries to avoid printing information that a company may consider competitive. The following information may appear publicly:

  • Company name
  • Location
  • Industry
  • Website
  • Total number of employees
  • Total number of IT employees
  • Percentage of IT employee turnover
  • Percentage of IT employee promotions
  • Number of training days offered per IT employee
  • Information from a 300-word essay outlining what’s special about your company and IT department

Please note that revenue, overall IT budget and other sensitive information will not be reported. Such information will be used only in aggregate format or for ranking purposes.

What if I have a question that was not answered in this FAQ?

Please email your questions to the following address: [email protected].

In the subject line, please include your company name and describe the nature of your inquiry as specifically as possible.

Careers, IT Leadership
Category: Hacking & Security

Hacked VMs Reveal New Attack Risks

LinuxSecurity.com - 8 April, 2024 - 17:58
Researchers have exposed new and sophisticated types of attacks that endanger the security and confidentiality of virtual machines (VMs). Two variations of Ahoi attacks, Heckler and WeSee, have been identified targeting hardware-based trusted execution environments, specifically AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel's Trust Domain Extensions (TDX) technologies.
Category: Hacking & Security

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

The Hacker News - 8 April, 2024 - 15:51
Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox
Category: Hacking & Security

CoCo VMs Will Now Panic If RdRand Is Broken in Linux 6.9

LinuxSecurity.com - 8 April, 2024 - 14:33
A significant change has been merged into the x86 fixes for Linux 6.9, requiring the seeding of RNG (Random Number Generation) with RdRand for CoCo (Confidential Computing) environments. The change focuses on CoCo virtual machines, designed to be as isolated as possible, assuming the VM host is untrusted. RdRand, a hardware random number generator instruction, is a critical source of entropy for guest VMs. Security expert and WireGuard developer Jason Donenfeld authored this change.
Category: Hacking & Security

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

The Hacker News - 8 April, 2024 - 13:29
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve
Category: Hacking & Security
