Organizations who use ServiceNow may have inadvertently been an open book to anyone willing to take a peek due to a misconfiguration in their knowledge base access control settings.

According to new research from AppOmni, more than a thousand ServiceNow instances, a term used to describe an organization’s copy of ServiceNow in the cloud, were found to be unknowingly exposing data from their knowledge base, a ServiceNow feature often used for IT and human resources support that enables users to create a repository of information for internal or external use, to the public.

AppOmni Chief of SaaS Security Research Aaron Costello told IT Brew that he discovered the finding after testing over 2,000 instances for data exposures in the past year.

“Some of the examples of data that I’d found which were publicly accessible where things such as documents that describe intricacies of internal computer systems belonging to the organization, credentials such as actual passwords and access tokens that could be used by a malicious person to access other systems belonging to the organization, and in other cases, some minor [personal identifiable information],” Costello said.

Read the rest here.—BM

Your IT might be holding you back from truly effective AI. What are you doing so your IT is able to support it? Optimize your technology and operations to support AI workloads through automation and AI-ready, hybrid cloud infrastructure with IBM. IBM can help you maximize the value of your own data while meeting your technology and compute needs across multiple cloud and on-premise environments to fuel AI.

Unite your IT to unleash AI across your business by:

• simplifying technology management and operations with automation
• unlocking more ROI from your IT estate to drive AI initiatives
• building a data and AI-ready IT infrastructure

Get started.

AI this, AI that—why don’t you tr-AI learning some basic computer skills?

That’s what employers are looking for in the job market, according to a new report from job search giant Indeed’s Hiring Lab. The Sept. 10 research revealed that while roughly 2–3% of listings mentioned AI as a prerequisite skill, nearly one-in-five asked for basic computer literacy.

“The current reality,” the report reads, “is that many employers are simply seeking workers possessing basic computer skills.”

New world. Hiring Lab researchers Alexandre Judes and Jack Kennedy wrote that the existing skill gap for basic computer knowledge is larger than you might expect, meaning AI’s effect on the labor market is less impactful than one might expect.

“While AI may eventually necessitate broad upskilling across the workforce to embrace advanced technologies, there remains a more pressing concern around closing basic digital skills gaps and allowing everyone to fully engage with work in the digital age,” the researchers wrote.

Read more here.—EH

A virtual private network (VPN) turns public real quick once everybody knows the password.

Password-management firm Specops Software discovered 2,151,523 VPN credentials compromised via malware over the past year in a study released last week.

(In 2023, VPN provider Surfshark estimated that 1.6 billion people use VPNs, tools for providing encrypted remote access.)

The 2 million-plus pull of VPN passwords from the company’s threat-intelligence platform indicates to one pro at the firm that plenty of users aren’t protecting, or even caring all that much, about a valuable network entrypoint.

“If we look at some of the content of those passwords, that’s where we really start seeing where there’s still, unfortunately, a general apathy around security, and password security in particular,” Darren James, senior product manager at Outpost24 (which acquired Specops in 2021), told IT Brew.

This is qwerty. The most commonly used passwords found in the report likely won’t surprise you; they are the usual consecutive numbers and variations of “password” and “qwerty.” The top compromised password—found 5,290 times, according to Specops: “123456.”

Keep reading here.—BH

System error: Please contact administrator. Is there a worse message to receive when managing your workflows? Nope. That’s why BetterCloud is hosting Become a Google Admin Superhero, a game-changing webinar that’ll spill the deets on how to get around all those pesky Google Workspace limits. Forget about admin headaches.