Category Archives: Technology

NXP’s S32K3 Automotive MCUs are Ready for AWS Cloud Services

4th October 2023: S32K3-based zonal aggregators and end nodes can now access cloud services, further expanding cloud access across the S32 vehicle compute platform. New S32K3 capability provides automakers flexible cloud connectivity for new vehicle architectures.

NXP® Semiconductors extends its support for secure cloud connectivity across the NXP S32 vehicle compute platform by integrating Amazon Web Services (AWS) cloud services into its widely-adopted S32K3 automotive microcontroller series for body, zone control, and electrification applications. The end-to-end vehicle data solution now spans across the automotive processing solutions S32K3, S32Z/E, S32G2 and S32G3, enabling new in-vehicle and secure cloud services. Using FreeRTOS libraries supporting AWS IoT Core, NXP’s S32K3 with integrated cloud connectivity speeds up the development time for software-defined vehicles (SDVs) to securely connect to the cloud and deliver vehicle data-driven insights and services and over-the-air (OTA) updates. The software libraries also enable seamless connectivity between the S32K3 and devices running AWS IoT Greengrass.

Secure cloud connectivity services will fuel a new era of advanced, data-driven automotive experiences and revenue streams. Access to and processing of real-time, vehicle-wide data with secure access to cloud services and machine learning can enable intelligent vehicles that continually improve with over-the-air updates. Automakers can gain insights into vehicle performance and health, driver behavior, traffic patterns, and more. Similarly, end consumers can benefit from the extended longevity of their vehicles and added features. Mobility businesses can exploit the streamlined cloud connectivity support to quickly innovate and offer new applications. For example, the data collected and analyzed can lead to new revenue streams with services such as usage-based insurance.

In 2020, NXP announced their work with AWS that resulted in the integration of AWS IoT services with NXP’s S32G vehicle network processor for service-oriented gateways. The NXP S32 devices’ software with AWS cloud solution supports a range of communication technologies, and can be used with wireless connectivity technologies like 4G/5G cellular and Wi-Fi. Now NXP S32K3 devices can connect directly to AWS cloud services or a more powerful S32G device using AWS cloud services such as AWS IoT Core, AWS IoT Greengrass or AWS IoT FleetWise.

Extending AWS connectivity to S32K3 gives automotive OEMs the flexibility to build AWS cloud connectivity into their vehicles regardless of the vehicle architecture used and supports the vehicle architecture transition. This includes architectures in which the S32K3 acts primarily as an end node or zonal controller and supplements an S32G vehicle network processor, as well as configurations with multiple S32K devices without an S32G processor, with at least one S32K3 acting as a gateway to access AWS cloud services.

The combination of NXP’s S32 vehicle compute platform and AWS cloud connectivity is appropriate for different mobility types. For instance, the direct connection of the S32K3 devices to the cloud is suitable for smaller vehicles such as electric bicycles and scooters. Here, the S32K3 devices act as the aggregator or main controller.

Lumina Datamatics Launches Artificial Intelligence Services for Publishers

India, September 30, 2023 – Lumina Datamatics, a leading global provider of content and technology solutions, is proud to announce it has launched its Artificial Intelligence (AI) Services for Publishers. Lumina Datamatics’ AI will enhance user experience, save time and money, ensure accessibility compliance, and improve assessment development quality.

The AI-powered services include Content Enrichment, Image Recognition, and Assessment Author:

Content Enrichment: Enhance user experience and discoverability. Our AI algorithms can automatically interpret, summarize, categorize, and enrich your content while saving hours of manual work.

Image Recognition: Create alt text for images at an unprecedented speed. The service is built utilizing a Convolutional Neural Network to generate labels for subject images that are transformed into meaningful sentences through Natural Language Processing algorithms.

Assessment Author: An AI-driven item generator that uses large language models to improve the efficiency, consistency, and quality of assessment development. Find out more: https://assessmentauthor.ai/

Mr. Sameer L. Kanodia, Managing Director & CEO, Lumina Datamatics, said, “Publishers have long struggled with efficiently managing massive amounts of digital content. Publishers can now improve the quality and discoverability of their content, reduce their costs, and save time while maintaining the highest content security and data protection.”

Hidden gems from tier 1 and 2 colleges steal spotlight in Contentstack Techsurf 2023

Mumbai, 30th September 2023 – Contentstack, the leading Digital Experience Platform (DXP) provider, recently concluded Techsurf 2023, the brand’s annual Pan India college coding hackathon. This was the 4th edition of the prestigious event, a two-month-long coding saga aimed at identifying and celebrating the budding technological talent in India. This year’s competition was open to students graduating in 2024 and 2025 from B.Tech/B.E., B.Sc. IT, BCA, and MCA streams. 34,396 students registered for the event from 2,825 colleges across the country.

The competition kicked off with the Quiz Round, with 11,019 students displaying their knowledge and expertise. Only 736 candidates reached the second Video Pitch Round, and were able to showcase their innovative ideas and solutions. The judges handpicked 42 exceptional participants to advance to the Prototype Submission round, where they brought their visions to life.

After weeks of extensive competition, Contentstack proudly unveiled the winners during a LinkedIn live event. Aman Gupta from Ganeshi Lal Bajaj Institute Of Technology And Management emerged as the champion, securing ₹2 lakh for his exceptional coding skills. Following closely, Ankur Kumar Raj from IIT Kanpur claimed the 1st runner-up position, while Ayush Dubey from KIET Group of Institutions and Aditya Kumar from JIIT secured the 2nd and 3rd runner-up spots, respectively. The runners-up were rewarded with generous cash prizes: ₹1 lakh for the 1st runner-up and ₹50 thousand each for the 2nd and 3rd runners-up.

Besides the cash prizes, all hackathon winners have the remarkable opportunity to join Contentstack as Associate Application Engineers after successfully clearing the pre-placement interview with the panel. This opportunity will enable them to kickstart their careers at Contentstack, the company that aims to make a dent in the digital experience space with relentless innovation and advanced technology.

Nishant Patel, Contentstack’s Chief Technology Officer, expressed immense satisfaction with the competition’s extensive reach: “We are thrilled to witness the overwhelming response to this year’s Techsurf. It’s a testament to the exceptional talent that resides in India.”

Vasu Kothamasu, Contentstack’s General Manager of India and Global Engineering Leader, added: “This hackathon has not only showcased the technological prowess of these young talents but also instilled a sense of confidence in us about the future of tech in India. The innovation and dedication we witnessed throughout the competition are truly remarkable, and we are excited to see how these young minds will shape the technological landscape of our nation.”

Contentstack remains committed to developing unique solutions to the challenges in the rapidly evolving tech landscape while remaining absolute in its commitment to nurturing budding tech talents with plans to continue organizing such engaging events.

MIT Technology Review Insights and HCLTech poll with global tech leaders highlights the advantages of early-career programs

NEW YORK and NOIDA, India, September 22, 2023 — A new survey from HCLTech, a leading global technology company, in collaboration with MIT Technology Review Insights, found that only 17% of global tech leaders surveyed say their organization currently recruits candidates who do not have a formal college degree. The poll also highlights the importance of apprenticeship programs, building new approaches to talent shortages and investing in the next generation of workforce.

The poll highlights three key takeaways:

In the face of ongoing staffing shortages, finding and retaining IT and tech talent is a great challenge—and a competitive opportunity.
Targeting early-career candidates, including those who have not yet completed their formal college education, helps employers identify new talent while chalking out new career paths.
32% of those surveyed are leveraging formal apprenticeships to recruit or train entry-level employees.
“By targeting candidates earlier at the start of their career, including those yet to complete their college education, we identify new talent and create fresh career paths,” says Laurel Ruma, Global Director at MIT Technology Review. “Technology apprenticeships and educational partnerships are increasingly common, offering improved skill matches, higher retention rates and diversity in the workforce. These initiatives are our competitive edge in securing the future of our industry.”

HCLTech is an early adopter of alternate recruitment programs and has led the industry in recruiting entry-level talent from high schools and colleges. HCLTech’s apprenticeship program in India, called TechBee, is an innovative program that helps budding talented students who are looking for full-time careers in tech after high school. To further develop their global workforce, HCLTech extended its apprenticeship program to Sri Lanka, Australia, New Zealand, the Americas and Canada. HCLTech’s recruitment efforts extend to nontraditional candidates, including those from underrepresented backgrounds, to build a more dynamic workforce with a broader collection of ideas and increased innovation.

“Investing in talent as early as high school not only builds entry-level talent but also nurtures future leaders who can drive long-term innovation and value for customers,” said Jagadeshwar Gattu, the President of Digital Foundation Services at HCLTech. “HCLTech recognizes how a younger workforce with better training can benefit the entire sector and the advantages apprenticeships and graduate hiring programs offer to invest in the future workforce through education and upskilling”.

“Considering the rapid pace of technological innovation, engineering and STEM-oriented schools will benefit from partnering with tech companies to equip new graduates for tomorrow’s technology. It is also vital for tech companies to train young students and make them industry-ready,” says Subbaraman Balasubramanyan, Senior Vice President of Strategic Initiatives, HCLTech.

Check Point Research Exposes Cybercriminal Behind Malicious Software Impacting EMEA and AP

“Legit” software becomes cybercriminals’ preferred choice
In an alarming trend highlighted in Check Point’s 2023 Mid-Year Security Report, seemingly legitimate software has become the preferred choice of cyber criminals. Notable examples are the Remcos Remote Access Trojan (RAT) and GuLoader, both advertised as legitimate tools but heavily utilized in cyberattacks, consistently ranking among the most prevalent malware. Although their sellers claim lawful usage, CPR found a strong connection between these tools and cybercrime.

While Remcos struggles to evade antivirus detection, GuLoader acts as its ally, helping it bypass protection measures. CPR discovered that GuLoader is rebranded and sold as a crypter, ensuring Remcos’ payload remains fully undetectable by antiviruses. Strikingly, the same administrator manages the platform, selling both tools while operating the official website and Telegram channels for Remcos. CPR found compelling evidence that this individual not only employs malware like Amadey and Formbook but also uses GuLoader to shield against antivirus detection. Domain names and IP addresses associated with the Remcos and GuLoader seller appear in malware analyst reports.

Guloader and Remcos are among the leaders of the (infamous) pack

In July’s Most Wanted malware report, CPR reported that RAT Remcos rose four places due to trojanized installers. Remcos now sits at third place after threat actors created fake websites last month to spread malicious downloaders carrying the RAT.

First detected in 2016, Remcos is a RAT that is regularly distributed through seemingly authentic Microsoft documents or downloaders that are actually malicious. It has been most recently observed in a campaign involving the Fruity malware downloader. The objective was to lure victims to download the Fruity downloader, which installed different RATs such as Remcos (known for its ability to gain remote access to the victim system) to steal sensitive information and credentials and conduct malicious activity on the user’s computer.

GuLoader and Remcos in 2023 – Finance and Education sectors key targets
According to intelligence from Check Point ThreatCloud AI

GuLoader: In the Finance/Banking sector, an average of 2.4% of organizations globally were affected monthly (equivalent to 1 out of 41 organizations)
GuLoader: most substantial impact in the EMEA region, with a monthly average impact of 4.7% (equivalent to 1 out of 21 organizations)
Remcos: In the Education/Research sector, an average of 2.8% of organizations globally were affected monthly (equivalent to 1 out of 35 organizations)
Remcos: greatest impact in the APAC region, with a monthly average of 2% (1 out of 50 organizations)

Deceitful Distributor is actually part of the illegal operation

CPR’s investigation leads to a clear conclusion: the seller/s of Remcos and GuLoader are well aware of their software being embraced by cybercriminals, despite their disingenuous claims. CPR aims to expose the criminal responsible for selling these tools, revealing their social networks and uncovering the significant illicit income generated through these activities. This study underscores the serious threat posed by dual-use software and highlights the need for heightened vigilance against such deceptive practices in the cybersecurity landscape.

In 2020, CPR exposed an Italian company that was selling the CloudEyE product through the website security code.eu and revealed its direct affiliation with GuLoader. Our findings forced the creators of CloudEyE to temporarily suspend their operations. On their website, they posted a message saying that their service is designed to protect intellectual property, not to spread malware.

After a few months, their website resumed the sale of CloudEyE. Soon afterward, CPR observed an increase in the number of new GuLoader attacks in our telemetry, as well as the appearance of new versions. Currently, we monitor dozens of new GuLoader samples on a daily basis.

In our previous article about the latest versions of GuLoader, we purposefully omitted any connection between CloudEyE and the new version of GuLoader because we observed the distribution of GuLoader under an alternative name “The Protector” on the website named “VgoStore.” VgoStore, as it turns out, is closely related to Remcos.

Remcos is a well-known remote surveillance tool, marketed for legitimate tracking and monitoring purposes. Since its appearance in 2016, we have been monitoring Remcos in many phishing campaigns. In addition to its typical remote administration tool features, Remcos includes uncommon functionalities such as man-in-the-middle (MITM) capabilities, password stealing, tracking browser history, stealing cookies, keylogging, and webcam control. These features go beyond the typical scope of a RAT and suggest a more intrusive and malicious intent.

Investigative Outcomes
CPR’s investigation uncovered a clear connection between an individual known as EMINэM and two websites, BreakingSecurity and VgoStore. These websites openly sell Remcos and GuLoader, rebranded as TheProtect. Additionally, we have gathered evidence of EMINэM’s involvement in distributing harmful malware, including FormBook info stealer and Amadey Loader. Moreover, EMINэM exploits TheProtect to evade antivirus detection for his own malicious activities.

The apparent legitimacy of BreakingSecurity, VgoStore, and their products is merely a façade. EMINэM and those behind these platforms are deeply entrenched in the cybercriminal community, using their websites to facilitate illegal actions and profit from selling malicious tools.

This discovery emphasizes the ongoing need for constant vigilance and cooperation in the fight against cybercrime. Law enforcement agencies, cybersecurity professionals, and the wider community must collaborate to expose and neutralize such threats. By shedding light on individuals like EMINэM and their associated platforms, we strive to create a safer digital environment that better safeguards individuals, organizations, and the overall digital ecosystem.

CPR has disclosed its findings to the relevant law enforcement bureau for further investigation

Deepak Goyal Embarks on a Mission to Simplify Data Engineering

New Delhi, 22nd September 2023 – Deepak Goyal, an Edupreneur figure in the world of technology and data, has embarked on a mission to revolutionize data engineering. With a vision to make data engineering more accessible and user-friendly, Goyal is set to transform the way organizations harness the power of their data.

Data engineering is the backbone of modern data-driven enterprises, enabling them to collect, store, and process vast amounts of data for critical insights and decision-making. However, the complexity and challenges associated with data engineering have often been a barrier for many businesses, hindering their ability to unlock the full potential of their data.

Deepak Goyal’s mission is centered on simplifying data engineering, making it more understandable and manageable for individuals and organizations of all sizes. His innovative approach seeks to break down the barriers that have traditionally hindered the adoption of data engineering practices.

Accessible Education: Goyal is committed to providing accessible and comprehensive educational resources that demystify data engineering. He believes that by equipping individuals with the right knowledge and skills, they can navigate the complex world of data engineering with confidence.

User-Friendly Tools: Goyal is actively teaching user-friendly tools and platforms that streamline data engineering processes. These tools are designed to empower data professionals and simplify the tasks associated with data collection, transformation, and analysis.

Community Building: To foster collaboration and knowledge sharing, Goyal is building a community of data enthusiasts and professionals. This community will serve as a hub for learning, networking, and problem-solving in the field of data engineering.

Deepak Goyal’s mission is not only driven by a desire to empower individuals but also to fuel innovation and progress across industries. He envisions a future where data engineering is no longer a barrier but a catalyst for growth and discovery.

In his own words, Deepak Goyal stated, “Data engineering should be an enabler, not a roadblock. My mission is to make it easy for anyone, regardless of their background, to harness the power of data. I believe that by simplifying data engineering, we can unlock a new era of possibilities for businesses and individuals.”

Goyal’s mission has already garnered attention and support from industry leaders, educators, and technology enthusiasts who share his vision for a more accessible and user-friendly approach to data engineering while having a viewership of over 30,00,000+ on a monthly basis. With trained over 55,000+ working professionals so far.

Tenable Named a Leader in Vulnerability Risk Management by Independent Research Firm

Bangalore, India (September 22, 2023) — Tenable®, the Exposure Management company, today announced that independent research firm Forrester has named the company a Leader in its report, “The Forrester Wave™: Vulnerability Risk Management, Q3 2023.”

The report, which categorizes vendors as Leaders, Strong Performers, Contenders and Challengers, evaluated vendors’ vulnerability risk management (VRM) capabilities based on 28 different criteria. Tenable is top ranked among 11 vendors in the Strategy and Current Offering categories, and among the highest in the Market Presence category. Tenable received the highest possible score (5.0) across 14 different criteria, including Vision, Roadmap and Innovation.

Within the current offering category, the Tenable One Exposure Management Platform, received the highest possible scores (5.0) in the criteria of:

● Asset Types to include valuable information regarding assets for several types of remediation teams across a typical enterprise

● Exposure Types that support the widest array of non-CVE related exposures which incorporate the same prioritization formulas, remediation workflows and analyst experience

● Exploitability with demonstrated superior data models that provides thought leadership for calculating likely activity on yet to be exploited vulnerabilities

● Attack Path Modeling that natively conducts nonintrusive attack simulations to measure the likelihood of threat actors bypassing defenses, and

● Out of the Box Reporting that provides a remarkable breadth of information without customization or tags for many levels of decision-makers on what to do now and what to do next

“Tenable sets the tone for proactive security,” according to Forrester’s report. “Today’s goal remains the same with a vision of proactively securing growing and dynamic attack surfaces with its Tenable One platform, one of the first to embrace the exposure management categorization. Tenable’s name recognition and early-to-market platform approach of consolidating preventative events supports its superior, persistent vision, which aligns well with the current direction of the market.”

As companies embrace new technologies, the attack surface has expanded beyond traditional IT, making it challenging for organizations to quantify and act on their exposure to risk. The Tenable One Exposure Management Platform enables organizations to gain comprehensive visibility into their entire attack surface – from IT and OT infrastructure, to web apps, public cloud and identity systems. It enables customers to anticipate threats, disrupt attack paths, prioritize remediation efforts and communicate cyber risk to make better decisions.

“We built Tenable One to change the way organizations approach risk,” said Mark Thurmond, chief operating officer, Tenable. “Siloed, disjointed security programs are ineffective at building cyber resilience and lack the context needed to help organizations act efficiently. Our platform approach to exposure management flips this notion on its head. Tenable One provides organizations with comprehensive visibility, rich exposure data and context-driven risk analytics to reduce risk specific to their environments.”

Lenovo Unleashes Next-Generation Edge AI Solutions for Intelligent Transformation

Bangalore, September 21, 2023 – Today, Lenovo (HKSE: 992) (ADR: LNVGY) announced new, first-to-market edge AI services and solutions. These are designed to enable mass deployment of remote computing capabilities that will significantly accelerate AI readiness and empower new AI applications for any business. New Lenovo TruScale for Edge and AI brings the proven cost benefits of Lenovo TruScale’s Infrastructure-as-a-Service model to the broadest and most comprehensive edge portfolio on the market. This enables customers to leverage a pay-as-you-go model to quickly deploy powerful edge computing and gain AI-powered insights directly at the source of data creation. Lenovo is also expanding its broad portfolio with the new Lenovo ThinkEdge SE455 V3, bringing the most powerful edge server to the market and delivering breakthrough efficiency to support the most intensive remote AI workloads.

“In the age of intelligent transformation, Lenovo is leading innovation at the edge, democratising access to immediate intelligence through our advanced edge AI solutions. We aim to simplify AI deployment, making it accessible anywhere, anytime, and helping organisations thrive in an increasingly data-centric world,” said Sumir Bhatia, President – AP, Lenovo ISG. “With TruScale for Edge and ThinkEdge SE455 V3, we’re empowering businesses of all sizes to harness the full potential of data-driven insights, fueling transformative change across industries.”

Coupled with Lenovo’s AI Innovators program, end-to-end solutions and AI-ready technology, the breakthrough edge offerings simplify the creation and deployment of next-generation AI applications. This will help businesses of any size pioneer transformation with AI-powered insights that can be immediately used to improve outcomes across store aisles, manufacturing floors, hospital rooms, commercial kitchens and service desks all over the world.

As the amount of worldwide data grows exponentially, efficient edge computing infrastructure is essential to overcoming AI deployment complexities and helping businesses quickly translate data into actionable insights that streamline operations and improve business outcomes. Across every industry, next-generation infrastructure technologies that deliver data center-like computing to the edge are empowering AI for improved emergency response, public safety, accessibility, tourism, and retail experiences.

“We are excited about this launch as it comes at a time when businesses across industries in India are increasingly prioritizing real-time insights. Our first-to-market solutions will enhance decision-making, and drive innovation by processing data right at the source,” stated Amit Luthra, Managing Director – India, Lenovo ISG. “Moreover, through our actively expanding AI Innovators Program we are enabling sectors like retail, manufacturing, smart cities, and others to leverage the next-gen applications such as computer vision, audio recognition, prediction, security, and virtual assistants. Our core objective is to make digital IT real.”

Lenovo TruScale for Edge and AI helps businesses overcome limited resources and funding, offering immediate access to edge AI deployment and a one-stop connection to Lenovo’s 150+ turnkey AI solutions, using a scalable, infrastructure-as-a-service model to accelerate their intelligent transformation. It delivers end-to-end services from deployment to management and refresh, while customers get a predictable monthly payment model designed to scale dynamically with them. Leveraging single-source services and tools, TruScale makes it easier than ever to afford, deploy, and manage edge infrastructure, significantly reducing the upfront costs of powering AI solutions at the edge, and leveraging Lenovo to deploy and manage the solution without disrupting day-to-day operations. Customers can scale solutions at will and optimize costs with Lenovo metering technology that ensures they only pay for what they use. With the service, Lenovo has become the first one-stop-shop for end-to-end, edge-to-cloud AI solutions.

Lenovo is dedicated to supporting AI workloads anywhere, optimizing performance and efficiency for remote environments. The Lenovo ThinkEdge SE455 V3 leverages the latest EPYC 8004 series processor for exceptional efficient performance at the edge. This empowers next-gen AI applications while reducing power consumption and total cost of ownership in a compact, unobtrusive design. With robust power, storage, and expandability, it’s ideal for demanding AI and workload consolidation, catering to emerging innovations like large language models (LLMs).

In other key industries, like manufacturing, Lenovo offers edge AI solutions that detect workplace hazards such as accidents, defective machinery, and fire while state-of-the-art edge AI computing processes thousands of data points to monitor and engage with public crowds in large hospitality settings, enabling better guest services, security, and business intelligence in real-time.

Revvity Unveils Several Next-Generation Preclinical Imaging Technologies to Help Scientists Drive Breakthrough Discoveries

Bengaluru, 13th September 2023: Revvity, Inc. (NYSE: RVTY) today debuts its enhanced imaging portfolio designed to drive innovation across diverse applications in preclinical research with the launch of three systems. These new innovations include the next-generation IVIS® Spectrum 2 and the IVIS SpectrumCT 2 imaging systems, further elevating versatility and sensitivity standards in in vivo optical imaging. Also launching is the QuantumTM GX3 microCT structural imaging solution with increased resolution and speed for both in vivo and ex vivo imaging, designed to facilitate researchers studying disease biology or evaluating and fast-tracking therapeutic candidates. And making its global debut is the Vega® ultrasound system, originally launched in North America in 2022. These cutting-edge technologies will be showcased at the World Molecular Imaging Congress (WMIC) being held September 5-9, in Prague, Czech Republic.

IVIS® Spectrum 2 and IVIS SpectrumCT 2imaging systems — new flagship platforms setting the standard in high-throughput performance and versatility

QuantumTM GX3 microCT imaging solution — a high-throughput system with superior spatial resolution and fast, low-dose scanning for diverse in vivo and biological ex vivo applications

Vega® preclinical ultrasound system — a hands-free, automated, high-throughput imaging system delivering high-resolution 2D and 3D ultrasound images in minutes, now globally available

According to Dr. Alan Fletcher, Senior Vice President of Life Sciences at Revvity, “In a time when innovative technologies steer medical advancements, we are committed to delivering 1 versatile, high-throughput solutions that enhance preclinical R&D productivity. Our growing portfolio equips researchers with robust capabilities to illuminate scientific discoveries and can expedite the journey from discovery to cure.”

Leading the imaging frontier

Dr. Fletcher remarked, “Driven by ambitious product development and collaboration across the organization, our evolving portfolio underscores our commitment to accelerating innovation. With these advanced tools at their disposal, researchers can interrogate biology, streamline their workflows, and accelerate the pace of scientific advancement.”

These offerings are part of Revvity’s best-in-class preclinical imaging portfolio encompassing a comprehensive range of 2D and 3D optical imaging, microCT imaging, ultrasound platforms, reagents, and software tools for data analysis. For more information on these advanced solutions and others, visit www.Revvity.com. WMIC attendees can see live product demonstrations and engage in imaging strategy discussions in Revvity’s exhibit (booth #10).

Comment on Microsoft’s September 2023 Patch Tuesday: Satnam Narang, Sr. Staff Research Engineer, Tenable

CVE-2023-36761 is an information disclosure vulnerability in Microsoft Word, assigned a CVSSv3 score of 6.2 and rated important. Exploitation of this vulnerability is not just limited to a potential target opening a malicious Word document, as simply previewing the file can cause the exploit to trigger. Exploitation would allow for the disclosure of New Technology LAN Manager (NTLM) hashes. This is the second zero-day vulnerability in Microsoft products in 2023 that has resulted in the disclosure of NTLM hashes. The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release.

CVE-2023-36802 is an elevation of privilege vulnerability in the Microsoft Streaming Service Proxy that was assigned a CVSSv3 score of 7.8 and is rated important. It is the eighth elevation of privilege zero-day vulnerability exploited in the wild in 2023. Because attackers have a myriad of ways of breaching organizations, simply getting access to a system may not always be enough, which is where elevation of privilege flaws become that much more valuable, especially zero days. – Satnam Narang, Sr. Staff Research Engineer, Tenable