Microsoft is seeing stars this week as the disclosure of a galaxy-sized vulnerability was reported. We discuss this story and more on this week’s Rundown.
WD Mixes Flash in Your Disk with OptiNAND Tech
WD announced this week that they are combining NAND flash storage with spinning disk to create fast and dense drives. OptiNAND is the name of the product, which promises both enterprise and consumer offerings. WD said the product is designed to help meet the need for the massive amount of data that needs to be stored in the coming years along with the desire to have it accessed as quickly as possible. The drive operates as a hybrid model thanks to custom firmware and an embedded SoC. WD mentioned that the products should be available later this year.
T-Mobile’s Entire Network Brute Force Hacked
T-Mobile is recovering from a fun little exploration through their systems. It was disclosed that the mobile giant suffered from a breach where a hacker gained access to some 54 million subscriber records. The investigation from Mandiant didn’t disclose too many details about the attack but did mention specifically that the actor leveraged “knowledge of technical systems, specialized tools, and capabilities” which feels very much like an inside job or a disgruntled former employee but this hasn’t been confirmed or denied. T-Mobile has said that no customer payment info has been stolen. In a statement the hacker, 21-year-old John Erin Binns, denounced the security of T-Mobile and mentioned that an unsecured Internet-facing router was the entry point into the network. He would not confirm that he was paid for the hack or whether or not he sold the data to other parties.
Study Shows Hands-On IT Experience Pays Off More than Certs
The current job market is favoring experience over paper according to a new report. The 2021 IT Skills Demand and Pay Trends Report was released this week and the results noted that there is an overabundance of supply of certified individuals out there and employers are starting to prioritize those with experience instead. The report theorizes that the reasoning behind the move is that people laid off during the early stages of the pandemic may have turned to online certification to help bolster their chances of being hired in the future. Premiums are being paid for those with skills in esoteric skills like Apache Pip or hot options in the cloud like Amazon DynamoDB.
Growing All-Flash Startup VAST Gains New $10M Line of Business in Major US Auto Manufacturer
If the last Storage Field Day told us anything, it’s that Flash is becoming a major part of many organizations’ approaches to storage. That fact has been made more apparent by the recent news coming out of VAST, the startup who, earlier this month announced would be working with the US DoD on a contract to the tune of $10M. They have now announced another $10M line of business, this time coming out of an undisclosed major US automotive manufacturer.
HPE Joins Apple in Warning about Aruba Sudo Bug
If you’re tired of telling Aruba Airwave to do things and being told no, you may be in luck. According to a new release from HPE, the platform is affected by a bug in the sudo command that is used to execute processes with root privileges. According to the report there is a chain of commands that can be issued that would allow an attacker to gain root access to the system and execute commands. The vulnerability was discovered back in January and could potential impact millions of devices that rely on the open source program. The vulnerability was patched out of Apple MacOS earlier this year but embedded systems may not be so lucky.
Astronomical Cosmos DB Vulnerability in Microsoft Azure
Microsoft is seeing stars this week as the disclosure of a galaxy-sized vulnerability was reported. The Cosmos DB service that runs the databases of the largest Azure customers was revealed to have a flaw going back almost two years.Utilizing the Jupyter Notebook visualization tool, Hackers at Wiz were able to grab the primary keys of any database running on the platform and start harvesting info. Wiz reported that they have full read-write access to the affected platforms before the vulnerability was patched on August 14th.
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET. To watch along, “Like” our Facebook page. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.