SolarWinds has released patches for a critical vulnerability in its Web Help Desk software (CVE-2024-28987) that allows unauthenticated remote users to gain unauthorized access and modify data. Rated 9.1 on the CVSS scale, the flaw was discovered by Horizon3.ai's Zach Hanley. Users are advised to update to version 12.8.3 Hotfix 2, which requires prior installation of versions 12.8.3.1813 or 12.8.3 HF1. This follows a recent patch for another severe vulnerability (CVE-2024-28986) with a CVSS score of 9.8 that has been actively exploited, though specific attack details remain unknown. Further information on CVE-2024-28987 is anticipated next month, underscoring the urgency for timely updates.

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk thehackernews

Peter Slavin will become the new president and CEO of Cedars-Sinai Medical Center and Cedars-Sinai Health System on October 1, succeeding Thomas Priselac. Slavin aims to address the post-pandemic recovery of the healthcare workforce by improving their work environment through technology and a people-first approach. Emphasizing the reduction of administrative burdens and promoting work-life balance are key elements of his strategy. Having led Massachusetts General Hospital previously, Slavin has significant experience in enhancing clinical care and workforce development. He believes that advancing trust in healthcare providers and adopting customer service principles will improve patient experiences and help regain public trust.

Next Cedars-Sinai CEO: ‘Make the Work Environment as Positive, Joyful as Possible’ HealthLeaders Media

The escalation of top-level domains (TLDs) has intensified a security issue where many organizations inadvertently send Microsoft Windows usernames and passwords to domains they do not own, due to previously non-existent TLDs now being available for registration. This flaw, known as "namespace collision," exposes sensitive data because organizations set up their internal authentication systems using what they thought were private domains. Security researcher Philippe Caturegli has been mapping this vulnerability by examining self-signed security certificates, uncovering more than 9,000 suspect domains. A significant portion of these are now registered, potentially allowing third parties to intercept credentials. Caturegli's findings highlight the scale of the issue, revealing that even critical infrastructures and government entities are affected. His research underscores the persistent and pervasive risk posed by outdated network configurations and the need for organizations to adopt more secure internal domain naming practices.

Local Networks Go Global When Domain Names Collide krebsonsecurity.com

The article discusses the paradoxical nature of Generation Z, who are highly skilled with digital devices and adept at using various software and applications but often lack proficiency in traditional computer skills like typing. This generation’s reliance on mobile devices and touch-based interfaces contributes to their lower typing speeds and challenges with typing accuracy, despite their overall high level of digital literacy and competence.

Gen Z-ers Are Computer Whizzes. Just Don’t Ask Them to Type. Wall Street Journal