Security Leftovers
-
SANS ☛ Public Information and Email Spam, (Mon, Feb 5th)
Many organizations publicly list contact information to help consumers reach out for help when needed. This may be general contact information or a full public directory of staff. It seems obvious that having any kind of publicly available information will increase the likelihood that these accounts will receive spam or phishing emails.
-
The Straits Times ☛ China says it opposes and cracks down on all forms of cyberattacks
The Chinese government does not tolerate any form of cyberattacks and will not allow any country or individual to engage in such illegal activities using Chinese infrastructure, its embassy in the Philippines said.
-
Security Week ☛ Google Open Sources AI-Aided Fuzzing Framework
Google has released its fuzzing framework in open source to boost the ability of developers and researchers to identify vulnerabilities.
-
Security Week ☛ US to Roll Out Visa Restrictions on People Who Misuse Spyware to Target Journalists, Activists
Officials said the visa restriction policy can apply to citizens of any country found to have misused or facilitated the malign use of spyware
-
Troy Hunt ☛ How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
-
LinuxSecurity ☛ The 'Linux' Foundation Offers Insights on Secure Software Development
The 'Linux' Foundation recently published a report titled Maintainer Perspectives on Open Source Software Security, which provides valuable insights into the perspectives, practices, and challenges faced by OSS maintainers and core contributors regarding open-source software security. The report highlights the importance of utilizing software composition analysis (SCA) and static application security testing (SAST) tools in evaluating the security of OSS packages.
-
XSAs released on 2024-01-22
The Xen Project has released one or more Xen security advisories (XSAs).
-
XSAs released on 2024-01-30
The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is affected.
-
JURIST ☛ Pennsylvania state court website down due to denial of service cyberattack
Pennsylvania Chief Justice Debra Todd announced Sunday night that a portion of the Pennsylvania State Court’s website is unavailable because of a denial of service cyberattack.
-
OpenSSF (Linux Foundation) ☛ CVE-2023-6246 Root Access Vulnerability in glibc
The CVE-2023-6246 vulnerability in glibc can allow an attacker to escalate their local unprivileged access to the full root privilege level. CVEs like this highlight the significance of the initiatives that OpenSSF has been championing like Memory Safe Languages, Tools, and Coordinated Vulnerability Disclosure.
-
Security Week ☛ AnyDesk Hacked: Revokes Passwords, Certificates in Response
AnyDesk is revoking certificates and passwords in response to a significant security breach impacting production systems.
-
Security Week ☛ Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm
Navblue Flysmart+ Manager allowed attackers to modify aircraft engine performance calculation, intercept data.
-
Security Week ☛ QNAP Patches High-Severity Bugs in QTS, Qsync Central
Two high-severity vulnerabilities in QNAP’s operating system could lead to command execution over the network.
-
Security Week ☛ Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations
Critical and high-severity Mitsubishi Electric Factory Automation vulnerabilities can allow privileged access to engineering workstations.
-
Latvia ☛ Latvia ranked highly for cyber security
Latvia is included in the top five countries worldwide for cyber security according to rankings produced by the National Cyber Security Index in Estonia.
-
Federal News Network ☛ How modern security operations centers keep up with emerging threats
As agencies turn to outsource their security operations center staffs, they need assurance the employees have both certifications and up-to-date knowledge.
-
Security Week ☛ UK, France Host Conference to Tackle ‘Hackers for Hire’
Britain and France will host 35 nations alongside business and technology firm leaders at an inaugural conference in London to tackle "hackers for hire" and the market for cyberattack tools.