(In)Security: Microsoft Fear, Uncertainty, Doubt (FUD), NSA, and Adobe
-
Vulnerable API Exposes Private npm Packages [Ed: Microsoft failing at security and the corrupt media won't even name the culprit]
-
NSA’s and CISA’s recent security guidance: The good and the bad [Ed: NSA works with Microsoft on back doors and CISA is acting like a Microsoft agency these days. Nowadays, owing to corporate control of the media, it's fashionable to pretend all security problems are "open source" or "supply chain". Back doors in proprietary software ignored.]
The NSA and CISA released the guide “Securing the Software Supply Chain: Recommended Practices Guide for Developers” last month and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSS, welcomes it, he said there are some questionable requirements.
-
Adobe Releases Security Updates for Multiple Products | CISA
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.