Integrity, TCO, and Security Isssues

posted by Roy Schestowitz on Dec 18, 2023

• Security

  • OpenSSF (Linux Foundation) ☛ OpenSSF Expands Support for Hey Hi (AI) Cyber Challenge (AIxCC)

    In August 2023, OpenSSF announced our partnership with DARPA, to support the Hey Hi (AI) Cyber Challenge (AIxCC). We set up a generative Hey Hi (AI) and autonomy for cybersecurity (GaiaCS) project to support our partnership activities and today, we are excited to announce that OpenSSF has brought on board Will Pearce and Nick Landers to support GaiaCS and AIxCC. 

  • Seth Michael Larson ☛ 2023-12-14 [Older] Python listed as memory-safe language in latest CISA recommendations

  • Bleeping Computer ☛ MongoDB says customer data was exposed in a cyberattack

    MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.

    In emails sent to MongoDB customers from CISO Lena Smart, the company says they detected their systems were hacked on Wednesday evening (December 13th) and started investigating the incident.

  • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

    • Gray Dot Media Group ☛ New ‘NKAbuse’ Linux Malware Uses Blockchain Technology to Spread [Ed: The issue here is an Apache program, not "Linux".]

      Cybersecurity researchers from Kaspersky’s Global Emergency Response Team (GERT) have identified that the NKAbuse malware is actively targeting devices in Colombia, Mexico, and Vietnam.

      Kaspersky’s Global Emergency Response Team (GERT) has discovered a new multiplatform malware threat that uses innovative tactics to hijack victims. The malware, dubbed NKAbuse, uses New Kind of Network (NKN) technology, a blockchain-powered peer-to-peer network protocol to spread its infection.

  • CISA

    • CISA ☛ 2023-12-13 [Older] CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

    • CISA ☛ 2023-12-14 [Older] CISA Releases Seventeen Industrial Control Systems Advisories

    • CISA ☛ 2023-12-14 [Older] FortiGuard Releases Security Updates for Multiple Products

    • CISA ☛ 2023-12-12 [Older] Adobe Releases Security Updates for Multiple Products

    • CISA ☛ 2023-12-12 [Older] Apple Releases Security Updates for Multiple Products

    • CISA ☛ 2023-12-12 [Older] Microsoft Releases Security Updates for Multiple Products

    • CISA ☛ 2023-12-14 [Older] Johnson Controls Kantech Gen1 ioSmart

    • CISA ☛ 2023-12-14 [Older] Siemens User Management Component (UMC)

    • CISA ☛ 2023-12-14 [Older] Siemens SIMATIC and SIPLUS Products

    • CISA ☛ 2023-12-14 [Older] Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

    • CISA ☛ 2023-12-14 [Older] Siemens Web Server of Industrial Products

    • CISA ☛ 2023-12-14 [Older] Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

    • CISA ☛ 2023-12-14 [Older] Siemens SINUMERIK

    • CISA ☛ 2023-12-14 [Older] Siemens SCALANCE and RUGGEDCOM M-800/S615 Family

    • CISA ☛ 2023-12-14 [Older] Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

    • CISA ☛ 2023-12-14 [Older] Siemens SINEC INS

    • CISA ☛ 2023-12-12 [Older] The Apache Software Foundation Updates Struts 2

    • CISA ☛ 2023-12-12 [Older] CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

    • CISA ☛ 2023-12-12 [Older] CISA Releases Two Industrial Control Systems Advisories

    • CISA ☛ 2023-12-12 [Older] Schneider Electric Easy UPS Online Monitoring Software

    • CISA ☛ 2023-12-12 [Older] Schneider Electric Easy UPS Online Monitoring Software

    • CISA ☛ 2023-12-11 [Older] CISA Adds One Known Exploited Vulnerability to Catalog

  • Windows TCO

    • RIPE ☛ 2023-12-11 [Older] Security Control Changes Due to TLS Encrypted ClientHello