Security Leftovers and Windows TCO

posted by Roy Schestowitz on Feb 14, 2024

• Scoop News Group ☛ Volt Typhoon targeted emergency management services, per report

  Dragos researchers found that the China-sponsored hacking group has been attacking electric utilities since 2023.

• OpenSSF (Linux Foundation) ☛ Announcing the First Ever SOSS Fusion Conference: How You Can Get Involved

  We are thrilled to announce the first event Secure Open Source Software (SOSS) Fusion Conference 2024, a two-day conference hosted by the OpenSSF in Atlanta, GA. Set to take place on October 22-23, 2024, at The Hotel at Avalon, this event is dedicated to Securing Open Source Software (SOSS). The event registration is now open, and we invite you to join this event to contribute to the discussions around open source software security.

• Security Week ☛ Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

  Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft.

• Security Week ☛ JFK Airport Taxi Hackers Sentenced to Prison

  Two individuals involved in hacking the taxi dispatch system at JFK airport have been sentenced to prison. 

• Security Week ☛ Bank of America Customer Data Stolen in Data Breach

  Bank of America is notifying some customers that their personal information was stolen in a data breach at third-party services provider.

• Federal News Network ☛ Cybersecurity starts in the Security Operations Center

  The experts behind the Security Operations Centers in the federal government vary by agency, technology and include both federal employees and contractors.

• Security Week ☛ Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software

  Adobe ships patches for at least 30 documented security flaws, warning that users are exposed to code execution, security feature bypass and denial-of-service attacks.

• Security Week ☛ French Healthcare Payments Processor Breaches Affect Half of Population

  France’s data protection agency CNIL says it is investigating massive data breaches at two companies that manage third-party healthcare payments, warning that more than 33 million people may be affected.

• Security Week ☛ ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities

  February 2024 ICS Patch Tuesday: Siemens and Schneider Electric release a total of 18 new security advisories.

• Security Week ☛ Willis Lease Finance Corp Discloses Cyberattack

  Aircraft parts dealer Willis Lease Finance Corporation (WLFC) notified the SEC that it fell victim to a cyberattack.

• Scoop News Group ☛ Google: Iranian, regional hacking operations that target Israel remain opportunistic but focused

  Objectives from the hacking groups include espionage, information operations or destructive activities, researchers say.

• Pen Test Partners ☛ Android Content Providers 101

  Introduction Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs.

• Windows TCO

  • Security Week ☛ Microsoft Confirms backdoored Windows Exploits Bypassing Security Features

    Patch Tuesday: Abusive Monopolist Microsoft pushes a massive batch of security-themed updates and calls urgent attention to exploits bypassing security features.

  • IT Wire ☛ Microsoft issues patches for 73 CVEs including two zero-days

    Microsoft has released fixes for vulnerabilities detailed in 73 CVEs, including two zero-days being exploited in the wild on Patch Tuesday.

  • SANS ☛ Microsoft February 2024 Patch Tuesday, (Tue, Feb 13th) [Ed: Microsoft security patches do not accomplish security because security is not the goal]