#otd #startrek #enterprise #futuretense #archer #tpol #reed #triptucker #hoshisato #mayweather #phlox #AdmiralForrest #suliban #tholian #startrek59 @trekcore

How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)
#Docker #Community #Engineering #Solutions #DHI #DockerHardenedImages #Enterprise #Security

https://www.docker.com/blog/medplum-healthcare-docker-hardened-images/

#StarTrek #Enterprise

#StarTrek #Enterprise

#StarTrek #Enterprise

https://www.secretz.io/

OpenBao Enterprise support just landed

#secretz #openbao #opensource #enterprise #secretsmanagement

ITmedia NEWS (@itmedia_news)

기업용 Microsoft 365 Copilot이 DLP(데이터 유출 방지) 설정을 무시하고 기밀 이메일 내용을 요약한 사례가 보고되어 Microsoft가 수정 프로그램을 배포 중이라는 경고입니다. 기업 보안·프라이버시 영향과 설정 검증 필요성을 시사합니다.

https://x.com/itmedia_news/status/2024268965779034596

#microsoft #copilot #security #dlp #enterprise

Log4Shell

TIL about the breakdown of the Log4Shell shared library.

• Date of occurence
• 24 November 2K21
• location of programmer at home with his son logging into minecraft (which failed)
• this vulnerability had existed unnoticed since 2013
• it was privately disclosed to the Apache Software Foundation { Log4j is a project}
• discloser: Chen Zhaojun of Alibaba Cloud's infosec team
• date 24 November 2021
• exploit severety MAXIMUM
• It's simple to execute
• estimation of affect ration of 50% of the internet (many hundreds of millions of devices)
• vulnerability abuses Log4j allowing requests to arbitrary LDAP and JNDI servers
• that allows attackers to
• execute arbitrary Java code on server / client
• leak sensitive data

Innerworkings

• Log4j
• open-source logging framework
• enables programmers to log data within their applications
• can include user input
• is used ubiquitously in Java programs especially enterprise software
• Originally written in 2001 by Ceki Gülcü
• part of Apache Logging Services
• project of the Apache Software Foundation

Tom Kellermann, a member of President Obama's Commission on Cyber Security

• Apache is "one of the giant supports of a bridge which facilitates the connective tissue between the worlds of applications and computer environments

Affected commercial services

• Amazon Web Services {AWS}
• Cloudflare
• iCloud {Apple infrastructure}
• Minecraft: {Java}
• Steam {multi platform gaming}
• Tencent QQ### Wiz and EY sate that the vulnerability affected 93% of enterprise cloud environments

The Log4Shell vulnerability's disclosure received strong reactions from cybersecurity experts.

Cybersecurity company Tenable stated

• exploit is "the single biggest, most critical vulnerability ever## Ars Technica
• arguably the most severe vulnerability ever

Quote
Log4j is foundational software. This 20+ year-old Java logging library quietly powers system events in applications worldwide, like user logins and calculation results. But this small piece of software had quietly become a dependency in thousands of projects across the Java ecosystem.

Opinion & reaction

• I'm blown away by the events leading to the tornadoes & typhoons that followed shortly after in the OpenSource programming World
• Fifty percent of software was affected with 93% of enterprise software sub section
• Log4Shell is a critical infrastructure level shared library
• nearly everyone using java depends on it's functional I/O

Analysis

• why do most Open Source software users only contact programmers when bugs are detected?
• why do they (almost) never get compliments when it goes well?
• programmers burn out after a while and leave projects abandoned
• when you were a kid, your mom / dad / family complimented you on good results
• programmers need the same
• otherwise they will leave the projects

Open Source programming is a thankless job

• Zero cash influx
• no thank you's
• complaints even when software has long matured to stable levels
• entitled users
• threats to be Doxxed or worse

Be nice to Open Source programmers

• If you have following contact here on the Fediverse with one say thank you
• don't expect replies (esp when hundreds to thousands of followers are indicated)
• realize you either can't code programs of that caliber or don't want to invest the time
• I am lucky to have conversational contact ont the FediVerse with critical infrastructure programmers
• I always say thank you, because I know how hard it is to write software of that magnitude
• when I review their software, I am critical, but formulate my words and sentences in a manner I would want to read them if places were switched
• I am thankful first, thus send them Universal Love and Universal Energy
• My toot history stand for these statements (on my other Fediverse accounts)

Don't be a dick!

Be nice to programmers

Give them Love

Z

#Log4Shell #TIL #programming #data #Java #exploit #ZeroDay #technology #Enterprise #networking #OpenSource #POSIX #BSD #freeBSD #ghostBSD #openBSD #Linux #win64 #mac #history #reading

Sources:

https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/

https://en.wikipedia.org/wiki/Log4Shell

Vorschau auf den #Enterprise Policy Generator 8.0 für #Firefox: Einträge verschieben per Drag and Drop – Steuerung auch via Tastatur möglich

#otd #startrek #enterprise #affliction #archer #tpol #reed #triptucker #hoshisato #mayweather #phlox #Antaak #GeneralKVagh #ErikaHernandez #Harris #Marab #CommanderCollins #CommanderKelby #startrek59 @trekcore

#otd #startrek #enterprise #doctorsorders #archer #tpol #reed #triptucker #hoshisato #mayweather #phlox #startrek59 @trekcore

#StarTrek #Enterprise

#StarTrek #Enterprise

#StarTrek #Enterprise

Thomas Kurian (@ThomasOrTK)

Google Cloud와 Unilever가 향후 5년간의 파트너십을 발표했습니다. 이 협약은 Unilever의 AI 우선 전환을 가속화해 차세대 마케팅, 에이전트형 워크플로우 및 지능형 커머스 역량을 브랜드 포트폴리오 전반에 구현하는 것을 목표로 합니다.

https://x.com/ThomasOrTK/status/2023821871867965892

#googlecloud #unilever #partnership #enterprise

The Stack: You’ve put AI everywhere! But can you insure against AI going wrong?

https://fed.brid.gy/r/https://pivot-to-ai.com/2026/02/17/the-stack-youve-put-ai-everywhere-but-can-you-insure-against-ai-going-wrong/

Unit 42: Identity gaps and AI speed increase enterprise risks https://techhq.com/news/unit-42-identity-gaps-and-ai-speed-increase-enterprise-risks/ #unit42 #paloaltonetworks #cybersecurity #threatintel #ciso #enterprise #infosec #ai #technology

AI Workflows, RAG и агенты: как устроена GenAI-автоматизация корпоративного уровня

Искусственный интеллект перестал быть экспериментом, технология GenAI становится полноценным участником корпоративных бизнес-процессов. В ИТ-поддержке автоматически обрабатываются типовые обращения, HR-департаменты ускоряют онбординг новых сотрудников, бухгалтерия больше не вводит данные вручную. За этими результатами стоят инструменты для ИИ-автоматизации бизнес процессов: визуальные конструкторы, библиотеки готовых AI-инструментов, корпоративная память и автономные ИИ-агенты. В этом материале разбираемся, как устроена ИИ-автоматизация изнутри: какие компоненты необходимы, как они взаимодействуют и почему создать интеллектуальный процесс можно без программистов — на примере

https://habr.com/ru/companies/simpleone/articles/1000320/

#lowcode #genaiплатформа #enterprise #цифровая_трансформация

Thread 2/3

Gleichzeitig nutzen wir intern alles, was der teuerste #enterprise Plan von #microsoft hergibt, inkl. #GitHubCopilot. Und ja, ich kann und muss mir den über einen hausinternen Antrag freischalten lassen. #github Enterprise für "nur uns zugängliche" Repos + #vscode (nicht als Pflicht, aber defacto nutzt und empfiehlt es jeder) als Code Editor.

Der #vpn Server steht nicht bei uns, sondern in der #cloud in den #usa ( #zscaler ).

#StarTrek #Enterprise