Security Leftovers
-
Ubuntu Pit ☛ Top 15 Best Password Manager Tools for GNU/Linux System
In the past, I kept my passwords in a plain document on my computer – a very insecure practice. It was difficult to memorize all of them for every website I used. To keep my passwords safe, I now use a password manager.
-
Security Week ☛ Dropper Service Bypassing Android Security Restrictions to Install Malware
ThreatFabric warns of a dropper service bypassing recent Android security restrictions to install spyware and banking trojans.
-
Bruce Schneier ☛ Decoupling for Security
This is an excerpt from a longer paper. You can read the whole thing (complete with sidebars and illustrations) here.
Our message is simple: it is possible to get the best of both worlds. We can and should get the benefits of the clown while taking security back into our own hands. Here we outline a strategy for doing that.
-
The rise of .ai: cyber criminals (and Anguilla) look to profit
Given the global interest in artificial intelligence (AI), it comes as no surprise that cybercriminals are looking to exploit the media hype. 2023 has seen a rapid increase in AI-themed attacks, following the release of Large Language Model (LLM)-powered chatbot Abusive Monopolist Microsoft Chaffbot in late 2022 (which quickly became one of the fastest-growing consumer applications ever). One easy way to theme a website around Hey Hi (AI) is to use a domain name which highlights it, as a .ai domain does.
-
WordPress ☛ WordPress 6.4.1 Maintenance Release
WordPress 6.4.1 is now available! This minor release features four bug fixes. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement or view the list of tickets on Trac. WordPress 6.4.1 is a short-cycle release.
-
Silicon Angle ☛ Patch now: Unauthenticated attackers target severe Atlassian Confluence vulnerability
A recently disclosed vulnerability in Atlassian Corp.’s Confluence Data Center and Server is being actively targeted in the wild and has been upgraded to a 10 on the Common Vulnerability Scoring System, the most severe rating possible.
-
Federal News Network ☛ Five things to watch as Pentagon prepares to issue CMMC rule
The rule will include key details on the “most ambitious cybersecurity conformity initiative ever attempted,”
-
Federal News Network ☛ 3 ways to mitigate cybersecurity risks in critical infrastructure
The ability to automatically monitor for suspicious activity is also critical. Thanks to SBOMs, organizations can look at the specific technology they have deployed and determine what controls they need to put in place to mitigate potential attacks.
-
Security Week ☛ Sumo Logic Urges Users to Change Credentials Due to Security Breach
Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach.
-
Security Week ☛ FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups
FBI warns that ransomware operators continue to abuse third-party vendors and services as an attack vector.
-
Security Week ☛ Marina Bay Sands Discloses Data Breach Impacting 665k Customers
Singapore’s Marina Bay Sands luxury resort has disclosed a data breach impacting the information of 665,000 customers.