Security Leftovers (UPDATED)
-
Why has software supply chain security exploded? - Open Source Security [Ed: SBOM is not a solution but a product pushed by FOSS-hostile entities through imposters at the 'Linux' Foundation]
I take a bike ride every morning; it’s a nice way to think about topics of the day. I’ve been wondering lately why software supply chain security has exploded in popularity in the last year or so. Nothing happens by accident, so there must be some series of events we can point at that has led to everyone suddenly making this a priority. Software supply chain security is not new; I’ve been doing it since about 2002, when I was helping track and coordinate security vulnerabilities in Linux distributions. We didn’t call it a supply chain back then, and nobody really paid attention to it. So what changed between then and now?
-
Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration [Ed: Conflating attacks with actual compromise. Typical Microsoft nonsense.]
-
CISA Releases Five Industrial Control Systems Advisories | CISA [Ed: Some of these are Windows issues, but CISA goes out of its way not to name the culprit]
CISA has released five Industrial Control Systems (ICS) advisories on September 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
UPDATE
This just in:
-
#StopRansomware: Vice Society [Ed: Stop using Microsoft Windows; Windows is the king of ransomware.]
CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Vice Society, to disseminate tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Vice Society actors identified through FBI investigations as recently as September 2022.