Security Leftovers

posted by Roy Schestowitz on Feb 27, 2024

• Freexian Collaborators: Long term support for Samba 4.17

  Freexian is pleased to announce a partnership with Catalyst to extend the security support of Samba 4.17, which is the version packaged in Debian 12 Bookworm. Samba 4.17 will reach upstream’s end-of-support this upcoming March (2024), and the goal of this partnership is to extend it until June 2028 (i.e. the end of Debian 12’s regular security support).

  One of the main aspects of this project is that it will also include support for Samba as Active Directory Domain Controller (AD-DC).

• Hong Kong Free Press ☛ Beijing tells local officials, firms to build ‘data security protection system’ to guard against hackers

  The Chinese government on Monday called for heightened data security measures and anti-hacking protections for sensitive domestic companies, vowing to “effectively prevent and control major risks” by 2026.

• Scoop News Group ☛ DOE announces $45 million investment for cybersecurity research

  The funding goes to 16 projects aimed at developing advanced tools to protect the energy sector.

• Scoop News Group ☛ Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

• OpenSSF (Linux Foundation) ☛ OpenSSF Supports Efforts to Build More Secure and Measurable Software

• OpenSSF (Linux Foundation) ☛ SOSS Community Day North America (NA) Agenda Live

  We're excited to announce that the agenda for Secure Open Source Software (SOSS) Community Day NA on April 15, 2024 is now available! Join us for a day of technical talks, panels, and a Table Top Exercise (TTX). SOSS Community Day is co-located with Open Source Summit North America in Seattle, WA. 

• Security Week ☛ LockBit Ransomware Gang Resurfaces With New Leak Site [Ed: Windows TCO]

  The LockBit ransomware operators announce a new leak site as they try to restore credibility after law enforcement takedown.

• Security Week ☛ LoanDepot Ransomware Attack Exposed 16.9 Million Individuals [Ed: Windows TCO]

  Lending firm LoanDepot said the personal information of 16.9 million people was stolen in a ransomware attack in early January.

• Security Week ☛ State-Sponsored Group Blamed for Change Healthcare Breach

  UnitedHealth Group is blaming a state-sponsored threat actor for a disruptive cyberattack on its subsidiary Change Healthcare.

• Security Week ☛ Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

  The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.

• Federal News Network ☛ NIST finalizes Cybersecurity Framework updates

  The latest version of NIST's Cybersecurity Framework includes new information on governance, supply chain risks and more.