9 Legal Tech's Milestones for Cybersecurity & Data Privacy in 2023 By www.littler.com Published On :: Wed, 27 Dec 2023 18:48:03 +0000 Denise Backhouse shares how best to alleviate data risks that many e-discovery professionals may face in the new year. Legaltech News View (Subscription required.) Full Article
9 Legal Tech's Predictions for the Business of Law in 2024 By www.littler.com Published On :: Wed, 17 Jan 2024 21:38:17 +0000 Scott Forman gives his predictions for legal technology and data analytics tools, especially towards generative AI point solutions, in 2024. Legaltech News View (Subscription required.) Full Article
9 Calif. Becomes Latest To Ban 'Captive Audience' Meetings By www.littler.com Published On :: Wed, 02 Oct 2024 20:17:52 +0000 Michael Lotito comments on states banning captive audience meetings. Law360 View (Subscription required) Full Article
9 Just 11% of Legal Departments Predict Gen AI Will Be 'Transformative,' As Its Honeymoon Phase Fades By www.littler.com Published On :: Tue, 08 Oct 2024 21:32:58 +0000 Marko Mrkonich says it’s important for companies to establish their AI compliance framework at the beginning, instead of after employees have already gotten used to deploying AI in certain ways. Corporate Counsel View (Subscription required) Full Article
9 New GC Memo May Rein In 'Stay Or Pay' Schemes By www.littler.com Published On :: Mon, 14 Oct 2024 22:02:44 +0000 Tyler Sims discusses what General Counsel Jennifer Abruzzo’s tough stance on stay or pay could mean for employers. Law360 Employment Authority View (Subscription required) Full Article
9 5 Questions About NY's Workplace Violence Prevention Law By www.littler.com Published On :: Wed, 16 Oct 2024 14:47:57 +0000 Rebecca Goldstein and Terri Solomon comment on New York's Retail Worker Safety Act, which requires retail employers to adopt a violence prevention policy. Law360 Employment Authority View (Subscription required) Full Article
9 New workers' rights 'to cost firms £5bn a year’ By www.littler.com Published On :: Thu, 24 Oct 2024 15:10:27 +0000 Ben Smith says Labour's plans to upgrade workers' rights would create extra red tape for employers. BBC View Full Article
9 Right To Disconnect Plan May Erode Firms' Long-Hours Culture By www.littler.com Published On :: Tue, 29 Oct 2024 19:32:09 +0000 Ben Smith and Maya Beauville say the UK government's softened plan to grant employees the right to disconnect out of hours is unlikely to change the legal sector's entrenched long-hour culture anytime soon. Law360 View (Subscription required) Full Article
9 NYC Pet Leave Bill Marks 'Radical Departure' In Sick Time Use By www.littler.com Published On :: Tue, 05 Nov 2024 21:57:28 +0000 Kelly M. Cardin provides insight about why New York City is expanding its sick leave law to let workers use it to care for pets and service animals. Law360 View (Subscription required) Full Article
9 Punching In: Su's Future at Labor Unclear Even if Harris Wins By www.littler.com Published On :: Mon, 11 Nov 2024 23:31:26 +0000 Jim Paretti says resignations in the Labor Department are coming no matter who wins the 2024 election. Bloomberg Law View (Subscription required) Full Article
9 Trump's Win Tees Up Big Changes To The EEOC By www.littler.com Published On :: Tue, 12 Nov 2024 21:34:49 +0000 Jim Paretti says the actions the EEOC embarked on during the first Trump administration offer clear insights as to what to expect in the second go-round. Law360 View (Subscription required) Full Article
9 Trump's Second Term Poses Range Of Outcomes For NLRB By www.littler.com Published On :: Tue, 12 Nov 2024 21:36:32 +0000 Michael Lotito talks about what may happen with NLRB nominations under the Trump administration. Law360 View Full Article
9 2019 ETSI Fellows unveiled at General Assembly award ceremony By www.etsi.org Published On :: Thu, 28 Apr 2022 14:42:55 GMT 2019 ETSI Fellows unveiled at General Assembly award ceremony Sophia Antipolis, 3 April 2019 On 2 April during the 73rd General Assembly dinner, ETSI unveiled its three 2019 ETSI Fellows for their outstanding contribution to ETSI’s work. Awards were granted to Roberto Macchi, David Chater-Lea and Friedhelm Hillebrand. The award ceremony took place in the beautiful Domaine de Barbossi, a resort comprising high class hotel and restaurants, a golf and tennis course and a country club, located in Mandelieu la Napoule on the Côte d’Azur. Read More... Full Article
9 First ETSI C-V2X interoperability event: success rate of 95% achieved By www.etsi.org Published On :: Thu, 28 Apr 2022 06:13:20 GMT First ETSI C-V2X interoperability event: success rate of 95% achieved Sophia Antipolis, 11 December 2019 The first ETSI C-V2X PlugtestsTM, performed in partnership with 5GAA, came to a close with a success rate of 95% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 320 test scenarios were executed in lab and field environments for interoperability with 70 people present onsite for testing. Read More... Full Article
9 ETSI's Securing Artificial Intelligence group appoints Chair and Vice Chairs By www.etsi.org Published On :: Thu, 02 Sep 2021 13:46:21 GMT ETSI's Securing Artificial Intelligence group appoints Chair and Vice Chairs Sophia Antipolis, 27 January 2020 ETSI's new Industry Specification Group on Securing Artificial Intelligence (ISG SAI) met last week for its second meeting and appointed Alex Leadbeater (BT) as its Chair. Dr Kate Reed (NCSC) was appointed as First Vice Chair and Tieyan Li (Huawei) was appointed as Second Vice Chair. This second meeting, after the launch of the group last October, was also the place to discuss work priorities. Read More... Full Article
9 New ETSI group to develop standardization framework for secure smartphone-based proximity tracing systems, helping to break COVID-19 transmission chains By www.etsi.org Published On :: Tue, 29 Mar 2022 13:16:12 GMT New ETSI group to develop standardization framework for secure smartphone-based proximity tracing systems, helping to break COVID-19 transmission chains Sophia Antipolis, 12 May 2020 In response to the global coronavirus pandemic, the new ETSI Industry Specification Group “Europe for Privacy-Preserving Pandemic Protection” (ISG E4P) has been established to provide a standardization framework that will enable developers to build interoperable mobile apps for proximity detection and anonymous identification. Read More... Full Article
9 ETSI’s new group on COVID-19 tracing apps interoperability moving fast: officials elected and work programme set up By www.etsi.org Published On :: Thu, 28 Apr 2022 09:21:59 GMT ETSI’s new group on COVID-19 tracing apps interoperability moving fast: officials elected and work programme set up Sophia Antipolis, 11 June 2020 The ETSI E4P group, “Europe for Privacy-Preserving Pandemic Protection”, launched a month ago has already held two meetings. The work of ISG E4P aims to facilitate the development of backward-compatible and interoperable proximity tracing applications to be used to combat pandemics by helping to break viral transmission chains. Read More... Full Article
9 ETSI C-V2X Plugtest achieves interoperability success rate of 94% By www.etsi.org Published On :: Wed, 15 Jun 2022 07:15:49 GMT ETSI C-V2X Plugtest achieves interoperability success rate of 94% Sophia Antipolis, 18 August 2020 ETSI has just released the report of its 2nd C-V2X Plugtests event organized remotely in partnership with the 5GAA the last week of July. The 81 remote participants benefited from ETSI’s remote lab to run their sessions in their own labs. Observers from different organizations witnessed the execution of 288 test sessions based on the ETSI test specification ETSI TS 103 600, and interoperability results were reported in the Test reporting tool. An overall interoperability success rate of 94% was achieved. Read More... Full Article
9 ETSI Mission Critical Plugtests event achieves a 95% interoperability success rate By www.etsi.org Published On :: Thu, 28 Apr 2022 06:26:09 GMT ETSI Mission Critical Plugtests event achieves a 95% interoperability success rate Sophia Antipolis, 2 November 2020 ETSI is pleased to announce it has now released the Report of its fifth MCX PlugtestsTM remote event that took place from 21 September to 2 October 2020. Results of the testing sessions outline an interoperability rate of 95%, giving industry a reliable set of standards for successful implementations. Highlights of this event included initial railway-oriented capabilities in 3GPP Release-15, such as functional aliases, multi-talker, helping Future Railway Mobile Communication System (FRMCS) move forward. 173 delegates from all over the world executed around 1350 test cases in 169 test sessions, interoperability results were reported in the ETSI Test reporting tool. Around fifty new test cases were developed for this event and will be added to ETSI TS 103 564. Read More... Full Article
9 Open Source MANO Release NINE fulfils ETSI's zero-touch automation vision, ready for MEC and O-RAN use cases By www.etsi.org Published On :: Thu, 28 Apr 2022 14:01:08 GMT Open Source MANO Release NINE fulfils ETSI's zero-touch automation vision, ready for MEC and O-RAN use cases Sophia Antipolis, 18 December 2020 ETSI is pleased to announce the launch of OSM Release NINE today. With an array of new features, this Release completes the alignment process with ETSI NFV specifications, culminating in native adoption of ETSI GS NFV-SOL006 for network functions and service modelling. Standardizing the onboarding process for VNFs into OSM fosters interoperability and boosts the growth of OSM’s VNF ecosystem. Release NINE coincides with the announcement of a new production deployment, confirming OSM as the most comprehensive open-source NFV orchestrator and a key enabler for zero-touch end-to-end network and service automation. Read More... Full Article
9 ETSI unveils its Report comparing worldwide COVID-19 contact-tracing systems – a first step toward interoperability By www.etsi.org Published On :: Tue, 28 Sep 2021 14:29:46 GMT ETSI unveils its Report comparing worldwide COVID-19 contact-tracing systems – a first step toward interoperability Sophia Antipolis, 2 February 2021 The COVID-19 pandemic has stretched the planet’s health systems to their limits and tested the measures adopted to alleviate difficulties. Contact tracking or tracing to identify infected people has been one such example. However, contact tracing based on interviews with identified or suspected patients presents known weaknesses from previous pandemics. Turning to digital means in a world where global mobility is the rule was therefore of the essence. Read More... Full Article
9 ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event By www.etsi.org Published On :: Thu, 08 Jul 2021 19:30:31 GMT ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event Sophia Antipolis, 28 June 2021 On 23 June, as part of the commemoration of the European Year of Rail, the COIT Smart Railways Working Group conducted an online session to publicise the features and advantages of the FRMCS (Future Railway Mobile Communication System). This system will replace the current GSM-R and technologically mark the next decades of a means of transport that is living its best moment. Read More... Full Article
9 ETSI 6th MCX Plugtests event reports a success rate of 97.6% By www.etsi.org Published On :: Thu, 16 Dec 2021 13:45:29 GMT ETSI 6th MCX Plugtests event reports a success rate of 97.6% Sophia Antipolis, 16 December 2021 ETSI is pleased to release the Report of its sixth MCX Plugtests event. Organized with the support of the European Commission, EFTA, TCCA and UIC, it was held in hybrid mode from 8 to 19 November 2021, with LTE assisted testing at University of Malaga, Spain. Vendors had the possibility to send equipment to the University of Malaga (UMA) for participating in end-to-end testing. They could use the LTE test network available on the premises and rely on the UMA experts onsite to run interoperability test sessions on the network without being present. Read More... Full Article
9 ETSI C-V2X Plugtests event achieves a 93% interoperability success rate By www.etsi.org Published On :: Thu, 21 Apr 2022 13:22:21 GMT ETSI C-V2X Plugtests event achieves a 93% interoperability success rate Sophia Antipolis, 21 April 2022 The 3rd ETSI C-V2X PlugtestsTM event, held in partnership with 5GAA and hosted by DEKRA from 28 March to 1st April, achieved a success rate of 93% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 226 test scenarios were executed in a laboratory and outdoor environment for interoperability, with 80 people from 25 companies participating in onsite and remote testing. All results are available in the newly released Report. Read More... Full Article
9 The ETSI Future Rail Mobile Communications System Plugtests event achieves a success rate of 95% By www.etsi.org Published On :: Mon, 13 Jun 2022 08:28:26 GMT Sophia Antipolis, 13 June 2022 The 2nd FRMCS PlugtestsTM event, organized remotely by ETSI with the support of the European Commission, EFTA, TCCA and UIC from 16 to 20 May 2022, has concluded with a success rate of 95% of the executed tests. ETSI Plugtests events are essential to ensure seamless access to mission critical services across different vendors’ products and implementations. The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical LTE services. The MCX services are the basis for the Future Rail Mobile Communications System (FRMCS), and tests are based on the MCX (collectively for MCPTT, MCVideo and MCData services) framework. Read More... Full Article
9 ETSI simplifies ICT end-users’ lives with a guide available in 19 European languages By www.etsi.org Published On :: Thu, 21 Jul 2022 08:21:40 GMT ETSI simplifies ICT end-users’ lives with a guide available in 19 European languages Sophia Antipolis, 21 July 2022 ETSI is pleased to announce the new version of the ETSI Guide EG 203 499, developed by experts from the Human Factors Technical Committee. The guide aims to further simplify end-user access to ICT devices, services and applications by providing recommended terms for basic and commonly used ICT-related objects and activities, notably the terms that end users are commonly exposed to. Read More... Full Article
9 ETSI Mission Critical testing event reports a 96% success rate By www.etsi.org Published On :: Fri, 16 Dec 2022 13:00:57 GMT ETSI Mission Critical testing event reports a 96% success rate Sophia Antipolis, 16 December 2022 The capabilities of Mission Critical Push-to-Talk (MCPTT), Mission Critical Data (MCData) and Mission Critical Video (MCVideo) – together abbreviated as MCX services – were tested during the seventh MCX Plugtests™ from 07 November to 11 November 2022 at the University of Malaga (UMA). The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical services over LTE and 5G networks. Read More... Full Article
9 10 years of ETSI NFV - its Network Operators Council's perspective on the past, present and future By www.etsi.org Published On :: Wed, 08 Mar 2023 11:48:52 GMT Sophia Antipolis, 24 February 2023 In the light of ten years from the NFV introductory whitepaper, is the new whitepaper the ETSI ISG NFV Network Operator Council (NOC), an advisory group of ISG NFV, launched this week, 10 years after the introductory whitepaper. Read More... Full Article
9 ETSI Mission Critical testing event reports a 95% success rate By www.etsi.org Published On :: Wed, 22 Nov 2023 09:34:28 GMT Sophia Antipolis, 22 November 2023 The Report of the eight MCX Plugtests™ event that took place from 9 October to 13 October 2023 at University of Malaga (UMA) is now available. The Report shows a success rate of 95% interoperability of the 3GPP mission critical services executed tests. Read More... Full Article
9 Role of Fibre Networks in Carbon Shift: ETSI's White Paper By www.etsi.org Published On :: Thu, 30 Nov 2023 09:06:00 GMT Sophia Antipolis, 30 November 2023 ETSI is pleased to announce a new White Paper developed by some of the members of its F5G Industry Specification Group, entitled “All-optical network facilitates the Carbon Shift”, highlighting the role of fibre networks as a key ICT enabler to meet the UN sustainability goals. Read More... Full Article
9 ETSI's Committee on Securing AI Decides on New Work By www.etsi.org Published On :: Thu, 07 Dec 2023 15:55:23 GMT Sophia Antipolis, 7 December 2023 In order to have the capability to directly contribute to standardization requests, which may include, but not limited to, the future AI Act, Cybersecurity Resilience Act and NIS2, it was decided to transfer the SAI Industry Specification Group into a Technical Committee. Read More... Full Article
9 ETSI and 5GAA driving interoperability as C-V2X tests hit a 94% success rate By www.etsi.org Published On :: Mon, 30 Sep 2024 13:32:49 GMT Sophia Antipolis, 30 September 2024 Direct communications between vehicles, pedestrians and infrastructure based on 3GPP and ETSI TC ITS standards have been tested during the 4th C-V2X Plugtests™ interoperability event in Malaga, Spain, hosted by DEKRA (September 10- 13, 2024). In partnership with 5GAA, this Cellular Vehicle-to-Everything (C-V2X) and ITS technologies event attracted the participation of 24 companies and 82 experts – both onsite and via remote connections – with 94% of the planned tests, based on over 60 test scenarios, successfully completed. Read More... Full Article
9 MAA Ottawa: Axe Throwing with Ottawa's Alumni By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Wed, 13 Nov 2024 19:00:00 -050011/13/2024 05:30:00PMLocation: Ottawa, Canada Full Article
9 San Francisco Bay Area Holiday Party - Don't Miss the Fun! By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Sun, 08 Dec 2024 18:30:00 -050012/08/2024 04:30:00PMLocation: San Mateo, U. S. A. Full Article
9 First-Time Home Buyer's Essentials By www.alumni.mcgill.ca Published On :: Wed, 31 Dec 1969 19:00:00 -0500 Starts: Tue, 10 Dec 2024 19:00:00 -050012/10/2024 05:30:00PMLocation: Montreal, Canada Full Article
9 Somewhere in the Nadir of African American History, 1890-1920 By nationalhumanitiescenter.org Published On :: Fri, 12 Feb 2010 11:10:22 -0400 New essay by Glenda Gilmore just added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center. Full Article
9 The Civil Rights Movement: 1968-2008 By nationalhumanitiescenter.org Published On :: Mon, 28 Jun 2010 11:02:43 -0400 New essay by Nancy MacLean, "The Civil Rights Movement: 1968-2008," added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center. Full Article
9 Notice of Coming into Force of National Instrument 93-101 Derivatives: Business Conduct By www.osc.ca Published On :: Thu, 26 Sep 2024 13:51:06 GMT National Instrument 93-101 Derivatives: Business Conduct (the Rule) will come into force on September 28, 2024 (the Effective Date), pursuant to section 143.4 of the Securities Act (Ontario). Full Article
9 Multilateral Instrument 93-101 Derivatives: Business Conduct By www.osc.ca Published On :: Thu, 26 Sep 2024 14:03:22 GMT This document is only available as a PDF. Full Article
9 Companion Policy 93-101 Derivatives: Business Conduct By www.osc.ca Published On :: Thu, 26 Sep 2024 14:11:27 GMT This document is only available as a PDF. Full Article
9 Notice of Ministerial Approval of Amendments to OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting and Consequential Amendments to OSC Rule 13-502 Fees By www.osc.ca Published On :: Thu, 10 Oct 2024 14:22:57 GMT The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to Full Article
9 Amendments to OSC Rule 91-507 Trade Repositories and Derivatives Data Reporting By www.osc.ca Published On :: Thu, 10 Oct 2024 14:35:58 GMT 1. Ontario Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting is amended by this Instrument. Full Article
9 CSA Notice Regarding Coordinated Blanket Order 96-932 Re Temporary Exemptions from Certain Derivatives Data Reporting Requirements By www.osc.ca Published On :: Wed, 30 Oct 2024 18:15:28 GMT This document is only available as a PDF. Full Article
9 Ontario Securities Commission – Coordinated Blanket Order 96-932 By www.osc.ca Published On :: Wed, 30 Oct 2024 18:21:33 GMT This document is only available as a PDF. Full Article
9 Empowering Women: Inclusion in India's Government Planning (Short Version) By www.youtube.com Published On :: Tue, 20 Aug 2024 15:27:07 GMT Full Article
9 Empowering Women: Inclusion in India's Government Planning (Odia Subtitles) By www.youtube.com Published On :: Fri, 23 Aug 2024 21:55:19 GMT Full Article
9 Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039) By www.tenable.com Published On :: Tue, 12 Nov 2024 14:02:10 -0500 4Critical82Important1Moderate0LowMicrosoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.This month’s update includes patches for:.NET and Visual StudioAirlift.microsoft.comAzure CycleCloudAzure Database for PostgreSQLLightGBMMicrosoft Exchange ServerMicrosoft Graphics ComponentMicrosoft Office ExcelMicrosoft Office WordMicrosoft PC ManagerMicrosoft Virtual Hard DriveMicrosoft Windows DNSRole: Windows Hyper-VSQL ServerTorchGeoVisual StudioVisual Studio CodeWindows Active Directory Certificate ServicesWindows CSC ServiceWindows DWM Core LibraryWindows Defender Application Control (WDAC)Windows KerberosWindows KernelWindows NT OS KernelWindows NTLMWindows Package Library ManagerWindows RegistryWindows SMBWindows SMBv3 Client/ServerWindows Secure Kernel ModeWindows Task SchedulerWindows Telephony ServiceWindows USB Video DriverWindows Update StackWindows VMSwitchWindows Win32 Kernel SubsystemRemote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.ImportantCVE-2024-43451 | NTLM Hash Disclosure Spoofing VulnerabilityCVE-2024-43451 is a NTLM hash spoofing vulnerability in Microsoft Windows. It was assigned a CVSSv3 score of 6.5 and is rated as important. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. According to Microsoft, CVE-2024-43451 was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.This is the second NTLM spoofing vulnerability disclosed in 2024. Microsoft patched CVE-2024-30081 in its July Patch Tuesday release.ImportantCVE-2024-49039 | Windows Task Scheduler Elevation of Privilege VulnerabilityCVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow an attacker to access resources that would otherwise be unavailable to them as well as execute code, such as remote procedure call (RPC) functions.According to Microsoft, CVE-2024-49039 was exploited in the wild as a zero-day. It was disclosed to Microsoft by an anonymous researcher along with Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group. At the time this blog post was published, no further details about in-the-wild exploitation were available.ImportantCVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege VulnerabilityCVE-2024-49019 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation would allow an attacker to gain administrator privileges. The advisory notes that “certificates created using a version 1 certificate template with Source of subject name set to ‘Supplied in the request’” are potentially impacted if the template has not been secured according to best practices. This vulnerability is assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Microsoft’s advisory also includes several mitigation steps for securing certificate templates which we highly recommend reviewing.ImportantCVE-2024-49040 | Microsoft Exchange Server Spoofing VulnerabilityCVE-2024-49040 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019. It was assigned a CVSSv3 score of 7.5 and rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to a patch being made available. After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.CriticalCVE-2024-43639 | Windows Kerberos Remote Code Execution VulnerabilityCVE-2024-43639 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. It was assigned a CVSSv3 score of 9.8 and is rated as “Exploitation Less Likely.”To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability in order to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.Important29 CVEs | SQL Server Native Client Remote Code Execution VulnerabilityThis month's release included 29 CVEs for RCEs affecting SQL Server Native Client. All of these CVEs received CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities can be achieved by convincing an authenticated user into connecting to a malicious SQL server database using an affected driver. A full list of the CVEs are included in the table below.CVEDescriptionCVSSv3CVE-2024-38255SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-43459SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-43462SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48993SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48994SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48995SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48996SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48997SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48998SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-48999SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49000SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49001SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49002SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49003SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49004SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49005SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49006SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49007SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49008SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49009SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49010SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49011SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49012SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49013SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49014SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49015SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49016SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49017SQL Server Native Client Remote Code Execution Vulnerability8.8CVE-2024-49018SQL Server Native Client Remote Code Execution Vulnerability8.8ImportantCVE-2024-43602 | Azure CycleCloud Remote Code Execution VulnerabilityCVE-2024-43602 is a RCE vulnerability in Microsoft’s Azure CycleCloud, a tool that helps in managing and orchestrating High Performance Computing (HPC) environments in Azure. This flaw received the highest CVSSv3 score of the month, a 9.9 and was rated as important. A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable AzureCloud CycleCloud cluster to modify its configuration. Successful exploitation would result in the user gaining root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud as well as steal admin credentials.Tenable SolutionsA list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.Get more informationMicrosoft's November 2024 Security UpdatesTenable plugins for Microsoft November 2024 Patch Tuesday Security UpdatesJoin Tenable's Security Response Team on the Tenable Community.Learn more about Tenable One, the Exposure Management Platform for the modern attack surface. Full Article
9 One-punch man. Volume 9 / story by ONE ; art by Yusuke Murata ; translation, John Werry. By library.gcpl.lib.oh.us Published On :: "Nothing about Saitama passes the eyeball test when it comes to superheroes, from his lifeless expression to his bald head to his unimpressive physique. However, this average-looking guy has a not-so-average problem— he just can't seem to find an opponent strong enough to take on! Time bomb Garo, a monster admirer, finally explodes, attacking the Hero Association! Meanwhile, Miss Blizzard visits Saitama at his apartment. Because of his lower rank, she plans to make him one of her subordinates, but … ." -- Page [4] of cover. Full Article
9 Outcast. Volume 4, Under Devil's wing / Robert Kirkman, creator, writer ; Paul Azaceta, artist ; Elizabeth Breitweiser, colorist ; Rus Wooton, letterer. By library.gcpl.lib.oh.us Published On :: "Answers are given, secrets are revealed, and the Barnes family has never been in more danger. Allison learns that there's something very special about her daughter, bu where's Kyle? Will Anderson risk everything to save him?' -- Page 4 of cover. Full Article
9 Something is killing the children. Volume 3 / written by James Tynion IV ; illustrated by Werther Dell'Edera ; colored by Miquel Muerto ; lettered by AndWorld Design ; cover by Werther Dell'Edera with colors by Miquel Muerto. By library.gcpl.lib.oh.us Published On :: "As the House of Slaughter arrives to clean up the situation by any means necessary, Erica will find that the true threat to those around her isn't who— or what— she ever expected. And the cost of saving the day may be too high for anyone to pay … ." -- Description provided by publisher. Full Article
