Security Leftovers
-
Kali Linux ☛ Kali GNU/Linux DEI Promise
Last month we were privileged to be invited by GitLab to participate in the introduction of GitLab’s DEI Badging integration. Diversity, Equity, and Inclusion (DEI) badging is an initiative that the Community Health Analytics in Open Source Software (CHAOSS) project created to acknowledge and encourage open source projects’ efforts.
-
LinuxSecurity ☛ Best Practices for WordPress Site Security on GNU/Linux Webservers
At last count, W3Techs reported that 43.1% of all websites operating on the Internet today rely on the WordPress CMS. And of those, an overwhelming majority run on GNU/Linux servers. That immense popularity makes GNU/Linux servers running WordPress a prime target of hackers and other bad actors. As a result, such servers face an estimated 90,000 attacks every minute, every day.
-
Pen Test Partners ☛ OSINT in 60 seconds. Mind reading on TV
TL;DR: We were asked to help with a Channel 5 consumer education series about online banking scams.
-
SANS ☛ Exploit Flare Up Against Older Atlassian Confluence Vulnerability, (Mon, Jan 29th)
This vulnerability allowed attackers to create new admin users in Confluence. Today, I noticed a bit of a "flare up" in a specific exploit variant.
-
Troy Hunt ☛ The Data Breach "Personal Stash" Ecosystem
-
Matthew Palmer ☛ Why Certificate Lifecycle Automation Matters
If you’ve perused the ActivityPub feed of certificates whose keys are known to be compromised, and clicked on the “Show More” button to see the name of the certificate issuer, you may have noticed that some issuers seem to come up again and again. This might make sense – after all, if a CA is issuing a large volume of certificates, they’ll be seen more often in a list of compromised certificates. In an attempt to see if there is anything that we can learn from this data, though, I did a bit of digging, and came up with some illuminating results.
-
Scoop News Group ☛ A tangled mess: Government rules for social control media security lack clarity
In the wake of the SEC breach, federal policymakers, agencies, and experts can't seem to agree on whether agencies must use MFA on social control media.
-
Hong Kong Free Press ☛ Data breach notifications rose by nearly 50% in 2023, Hong Kong privacy watchdog finds
Hong Kong’s privacy watchdog has said it received more than 150 data breach notifications in 2023, marking a nearly 50 per cent increase compared to the previous year.
-
Security Week ☛ Bastille Networks Raises $44 Million to Secure Wireless Devices
Goldman Sachs leads wireless threat intelligence firm Bastille Networks’ $44 million Series C funding round.
-
Security Week ☛ PoC Exploit Published for Critical Jenkins Vulnerability
PoC exploit code targeting a critical Jenkins vulnerability patched last week is already publicly available.
-
Security Week ☛ Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution
Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges.
-
Security Week ☛ Canadian Man Sentenced to Prison for Ransomware Attacks
Matthew Philbert was sentenced to two years for launching cyberattacks on Canadian businesses and government entities.
-
Security Week ☛ Ivanti Struggling to Hit Zero-Day Patch Release Schedule
Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship VPN appliances.
-
Security Week ☛ US Aid Office in Colombia Reports Its Facebook (Farcebook) Page Was Hacked
The Colombia office of the U.S. government agency that oversees foreign aid and development funding said its Facebook (Farcebook) page was hacked and asked the public to ignore any posts or links from the account.