Security Leftovers

posted by Roy Schestowitz on Nov 10, 2023

• Linux Foundation

  • Silicon Angle ☛ New initiatives abound as the CNCF and OpenSSF adopt a security focus [Ed: Lf-sponsored puff pieces disguised as "journalism"; Silicon Angle ☛ Some fo these LF-sponsored spammy articles are just buzzwords, not substance.]

  • OpenSSF (Linux Foundation) ☛ How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

    A few weeks ago, the OpenSSF Best Practices Working Group published the Source Code Management (SCM) Best Practices guide. This guide is the result of a collaboration of multiple leading security community members under the OpenSSF umbrella. The SCM Best Practices guide provides a comprehensive set of recommendations for securing SCM platforms like Microsoft's proprietary prison GitHub and GitLab.

• Windows TCO

  • Security Week ☛ Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes

    Mandiant says Russia's Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across Ukraine.

  • Scoop News Group ☛ Russian hackers disrupted Ukrainian electrical grid last year

    The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report.

  • RFERL ☛ Hackers Linked To Russian Intelligence Blamed For 2022 Ukraine Grid Disruption

    Hackers affiliated with Russia’s military intelligence agency penetrated, and disrupted, parts of Ukraine’s electricity grid late last year using sophisticated new hacking tools, a new report said.