Security and Windows TCO Leftovers
-
Uwe Kleine-König: PGP Keysigning on FOSDEM'24
I'm going to FOSDEM'24. Assuming to meet Debian and Kernel folks there, this should be a good opportunity to do PGP keysigning.
-
Krebs On Security ☛ Meet Ika & Sal: The Bulletproof Hosting Duo from Hell
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.
-
IT Wire ☛ Dutch engineer spread Stuxnet in Iran nuclear plant in 2008: report [Ed: Windows TCO]
A Dutchman was responsible for infecting equipment at Iran's Natanz nuclear plant in 2008 with the Stuxnet virus, leading to years of delay in the country's nuclear program, a Dutch publication, Volkskrant, claims.
-
Security Week ☛ How to Get Started With Security Automation: Consider the Top Use Cases Within Your Industry
Organizations in different industries may approach security automation from a different entry point, but the requirements for an automation platform are consistent across use cases.
-
Silicon Angle ☛ Mortgage lender LoanDepot struck by suspected ransomware attack [Ed: Certainly seems like Windows TCO]
U.S. mortgage lender LoanDepot Inc. is the latest company to be hit by a cyberattack that affected internal systems and caused disruption for customers. The attack reportedly occurred over the weekend, with the company officially disclosing the attack in an 8-K filing with the U.S. Securities and Exchange Commission.
-
The Straits Times ☛ Purge data and restart: Experts urge Malaysia govt to fix security flaws in new central database
Accounts could be registered for others using their IC numbers, postcodes, raising identity theft fears.
-
Security Week ☛ Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs
A total of more than 28,000 CVE IDs were assigned in 2023 and 84 new CVE Numbering Authorities (CNAs) were named.
-
Security Week ☛ Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked
The information display screens at Beirut’s international airport were hacked by domestic anti-Hezbollah groups.
-
Security Week ☛ NIST: No Silver Bullet Against Adversarial Machine Learning Attacks
NIST has published guidance on adversarial machine learning (AML) attacks and mitigations, warning that there is no silver bullet.
-
European Commission ☛ New rules to boost cybersecurity of the EU institutions enter into force
European Commission Press release Brussels, 08 Jan 2024 The new Cybersecurity Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union entered into force yesterday, 7 January 2024.
-
Security Week ☛ QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
-
Security Week ☛ Turkish Cyberspies Targeting Netherlands
Turkish state-sponsored group Sea Turtle has been targeting multiple organizations in the Netherlands for espionage.
-
Windows TCO
-
Fix AMD Driver Keeps Crashing While Playing Games on backdoored Windows 11
For any laptop or PC, the most important component is the graphics card. For great performance, this is required. You can’t have it crash in the middle of a mission! That would be very frustrating indeed.
-
RIP Abusive Monopolist Microsoft WordPad. You Will Be Missed [Ed: But missed by who? People who refused to realise that many better editors had existed for decades and were free?
After around 30 years of existence, WordPad is finally saying goodbye. In the backdoored Windows 11 Build 26020 Insider Preview’s Canary Channel, Abusive Monopolist Microsoft announced that WordPad will not be auto-installed...
-
Security Week ☛ Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack [Ed: Microsoft itself is the supply chain risk]
Self-hosted [sic] Microsoft's proprietary prison GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
-