Pandemic of FUD (Fear, Uncertainty, Doubt), Fear-mongering
-
Open-source software usage slowing down for fear of vulnerabilities, exposures, or risks [Ed: You mean due to lies and FUD?]
In this Help Net Security video, Igal Lytzki, Incident Response Analyst at Perception Point, discusses a recent Remcos RAT malware campaign and, more broadly, the threat that email-based threats and phishing pose to organizations.
-
Unpatched Python Library Affects More Than 300,000 Open Source Projects | eSecurityPlanet [Ed: Unless you allow dodgy people to pass you files and then process these files, without login or input being sanitised, this does not affect you and does not impact many projects. Dodgy compressed files have LONG been a problem. Like executables, you should be selective about which ones you retrieve and process.]
-
Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects [Ed: Alarmist garbage from The Register; to exploit this you need to feed it rogue files]
At least 350,000 open source projects are believed to be potentially vulnerable to exploitation via a Python module flaw that has remained unfixed for 15 years.
On Tuesday, security firm Trellix said its threat researchers had encountered a vulnerability in Python's tarfile module, which provides a way to read and write compressed bundles of files known as tar archives. Initially, the bug hunters thought they'd chanced upon a zero-day.