Security and Fear, Uncertainty, Doubt (FUD)
-
CISA Releases Three Industrial Control Systems Advisories | CISA
CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
-
Constellation: Open-source, runtime-encrypted Kubernetes
Confidential Computing is a hardware-based technology that shields computer workloads from their environments and keeps data encrypted during processing.
In this Help Net Security video, Felix Schuster, CEO at Edgeless Systems, talks about the open-source release of Constellation.
-
iTWire - In the midst of a major digital mess, ASPI is pushing digital ID. Really?
With Australia in a fairly messy situation as far as network security is concerned, it is somewhat curious to note that the Australia Strategic Policy Institute is trying to lobby for the complete adoption of digital identity.
This is the equivalent of saying that one should digitise a confusing analog setup, in the hope that it would suddenly morph into something efficient.
What always happens when a confused set-up is digitised is that the mess is magnified. Computerisation is very good at that – no fault of the discipline, but that's just the way it is.
It is even more puzzling that the lobbying for digital identity comes from Fergus Hanson, director of the International Cyber Policy Centre at ASPI, who is touted as a cyber security expert by that august media organ, the Australian Financial Review.
-
Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889) [Ed: Notice how Microsofters, even a year after the patch, keep bringing up and hyping up "Log4Shell" (or J); the Microsofters did the same with "heartbleed" for years]
A freshly fixed vulnerability (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days, worrying it could lead to a repeat of the Log4Shell dumpster fire.