Security Leftovers
-
CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats | CISA
Today, CISA released Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (kernel and spip), Fedora (kernel), Mageia (chromium-browser-stable, docker, firefox, jpegoptim, nautilus, net-snmp, phoronix-test-suite, php, php-smarty, samba, sdl2, sudo, tor, viewvc, vim, virtualbox, and x11-server), Red Hat (bash, curl, dbus, expat, firefox, go-toolset, golang, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, kpatch-patch, libreoffice, libtasn1, libtiff, libxml2, libXpm, nodejs, nodejs-nodemon, pcs, postgresql-jdbc, sqlite, sssd, sudo, systemd, and usbguard), Scientific Linux (firefox, java-11-openjdk, and sudo), SUSE (freeradius-server, python-mechanize, and upx), and Ubuntu (exuberant-ctags, haproxy, ruby2.5, ruby3.0, and wheel).
-
A security audit of Git [LWN.net]
The Open Source Technology Improvement Fund has announced the completion of a security audit of the Git source.
-
The Audit of Git is Complete! - OSTIF.org
Open Source Technology Improvement Fund (OSTIF) is thrilled to announce the results of a security audit and threat model for git. Git is the world’s most widely used version control system, and it underpins not only open source, but the vast majority of public and private software development today. To say that git is infrastructure is an understatement, it reaches nearly every corner of software development and touches nearly every product that has software in one way or another.
-
CISA Releases Two Industrial Control Systems Advisories | CISA
CISA released two Industrial Control Systems (ICS) advisories on January 24, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
-
Apple Releases Security Updates for Multiple Products | CISA
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.
-
A DevSecOps Process for Node.js Projects - DevOps.com
Node.js is an open source development platform for running JavaScript code on the server side. Node is useful for developing applications that require a persistent browser-server connection and is often used for real-time applications such as chat, social applications, or news feeds.
-
An IBM Hacker Breaks Down High-Profile Attacks
Incidents like the Rockstar and Uber hacks should serve as a warning to all CISOs. Proper security must consider the role info-hungry actors and audiences can play when dealing with sensitive information and intellectual property.
Stephanie Carruthers, Chief People Hacker for the X‑Force Red team at IBM Security, broke down how the incident at Uber happened and what helps prevent these types of attacks.
-
T-Mobile Hacked For The Eighth Time In Five Years
T-Mobile hasn’t been what you’d call competent when it comes to protecting its customers’ data. The company has now been hacked numerous times just since 2018, with hackers at one point going so far as to publicly ridicule the company’s lousy security practices.