Security Leftovers
-
LinuxInsider ☛ What To Do if Your GNU/Linux Server Has Been Hacked
In this guide, we’ll cover some basic steps to take in the wake of a hack, including isolating your server from the network and making a copy of drives so you can have professionals investigate the nature and extent of the breach.
-
Security updates for Friday
Security updates have been issued by Debian (firefox-esr, pillow, and thunderbird), Fedora (apptainer, chromium, ovn, and webkitgtk), Mageia (apache-mod_auth_openidc, ffmpeg, fontforge, libuv, and nodejs-tough-cookie), Oracle (kernel, libreoffice, postgresql-jdbc, ruby:3.1, squid, and squid:4), Red Hat (go-toolset:rhel8 and libreoffice), SUSE (firefox, jbcrypt, trilead-ssh2, jsch-agent-proxy, kernel, tiff, and zziplib), and Ubuntu (linux-aws and openssl1.0).
-
Security Week ☛ In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, Hey Hi (AI) Roadmap
Noteworthy stories that might have slipped under the radar: Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes Hey Hi (AI) roadmap.
-
Security Week ☛ New ‘GoFetch’ Fashion Company Apple CPU Attack Exposes Crypto Keys
Researchers detail GoFetch, a new side-channel attack impacting Fashion Company Apple CPUs that could allow an attacker to obtain secret keys.
-
Scoop News Group ☛ Top Democrat proposes minimum cybersecurity standards in wake of Change Healthcare attack
The new legislation from Sen. Mark Warner comes as health care groups say they would oppose such proposals.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Scorecard Tech Talk Highlights
Last week the community convened for the first OpenSSF Tech Talk of the year, shining a spotlight on OpenSSF Scorecard. OpenSSF Scorecard aids developers and open source consumers in assessing how well an open source project adheres to best practices. It evaluates projects for security risks using a series of automated checks. The Tech Talk provided perspectives from users and maintainers. If you missed it, you can watch the on-demand recording to catch up on valuable insights into how OpenSSF Scorecard contributes to enhancing software supply chain security.
-
OpenSSF (Linux Foundation) ☛ Empowering Women in Tech: An Interview on Angela Jeffrey’s Journey to Cybersecurity
-
Security Week ☛ Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors
A vulnerability in Dormakaba’s Saflok electronic locks allows hackers to forge keycards and open millions of doors.
-
Security Week ☛ US Government Issues New DDoS Mitigation Guidance
CISA, the FBI, and MS-ISAC have released new guidance on how federal agencies can defend against DDoS attacks.
-
Security Week ☛ ‘Brain Weasels’: Impostor Syndrome in Cybersecurity
There are several attributes that tie the cybersecurity community together, namely our collective passion for solving complex problems in order to reduce harm, but one has stood out prominently over the years: impostor syndrome.
-
Bruce Schneier ☛ Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot.
The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million.
For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.
-
Security Week ☛ 39,000 Websites Infected in ‘Sign1’ Malware Campaign
Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 261 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 261. This version includes the following changes:
* Don't crash if we encounter an .rdb file without an equivalent .rdx file. (Closes: #1066991)
* In addition, don't identify Redis database dumps (etc.) as GNU R database files based simply on their filename. (Re: #1066991)