Security and Windows TCO Leftovers
-
CISA ☛ 2024-04-09 [Older] CISA Releases One Industrial Control Systems Advisory
-
CISA ☛ 2024-04-09 [Older] SUBNET PowerSYSTEM Server and Substation Server
-
CISA ☛ 2024-04-04 [Older] CISA Adds Two Known Exploited Vulnerabilities to Catalog
-
CISA ☛ 2024-04-04 [Older] CISA Releases Two Industrial Control Systems Advisories
-
CISA ☛ 2024-04-04 [Older] Hitachi Energy Asset Suite 9
-
CISA ☛ 2024-04-04 [Older] Schweitzer Engineering Laboratories SEL
-
Simon Josefsson ☛ Simon Josefsson: Reproducible and minimal source-only tarballs
With the release of Libntlm version 1.8 the release tarball can be reproduced on several distributions. We also publish a signed minimal source-only tarball, produced by git-archive which is the same format used by Savannah, Codeberg, GitLab, GitHub and others. Reproducibility of both tarballs are tested continuously for regressions on GitLab through a CI/CD pipeline. If that wasn’t enough to excite you, the Debian packages of Libntlm are now built from the reproducible minimal source-only tarball. The resulting binaries are hopefully reproducible on several architectures.
What does that even mean? Why should you care? How you can do the same for your project? What are the open issues? Read on, dear reader…
-
SANS ☛ Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400), (Sat, Apr 13th)
...vulnerability that has been exploited since March...
-
Windows TCO
-
Wired ☛ Change Healthcare Faces Another Ransomware Threat—and It Looks Credible
In March, the ransomware group AlphV, which had claimed credit for encrypting Change Healthcare’s network and threatened to leak reams of the company’s sensitive health care data, received a $22 million payment—evidence, publicly captured on Bitcoin’s blockchain, that Change Healthcare had very likely caved to its tormentors’ ransom demand, though the company has yet to confirm that it paid. But in a new definition of a worst-case ransomware, a different ransomware group claims to be holding Change Healthcare’s stolen data and is demanding a payment of their own.
-
India Times ☛ malware attack: Number of devices hit by data-stealing malware rises over 600% in three years: Kaspersky
The number of devices compromised with data-stealing malware has increased more than 600% in the past three years, according to cybersecurity firm Kaspersky. Kaspersky's Digital Footprint Intelligence data showed the number of personal and corporate devices compromised with data-stealing malware reached 10 million in 2023, registering a 643% increase over the past three years.
According to Kaspersky's data, 443,000 websites worldwide have experienced compromised credentials in the past five years.
-