Security Leftovers
-
Scoop News Group ☛ How to fine-tune the White House’s new critical infrastructure directive [Ed: Is removal of Windows not on the table?]
National Security Memorandum 22 represents a good first step to better protect America’s critical infrastructure.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (nghttp2 and qtbase-opensource-src), Mageia (cjson, freerdp, guava, krb5, libarchive, and mediawiki), Oracle (container-tools:4.0 and container-tools:ol8), Red Hat (bind, buildah, container-tools:3.0, container-tools:rhel8, expat, gnutls, golang, grafana, kernel, kernel-rt, libreswan, libvirt, linux-firmware, mod_http2, pcp, pcs, podman, python-jwcrypto, rhc-worker-script, shadow-utils, skopeo, sssd, tigervnc, unbound, and yajl), SUSE (kernel and python311), and Ubuntu (gerbv and node-json5).
-
Security Week ☛ Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push
Researchers can earn as much as $450,000 for a single vulnerability report as Surveillance Giant Google boosts its mobile vulnerability rewards program.
-
Security Week ☛ Oasis Security Raises $35 Million to Tackle Non-Human Identity Management
New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.
-
Security Week ☛ Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data
The Cuttlefish malware platform is roaming around enterprise SOHO routers and is capable of covertly harvesting public cloud authentication data from internet traffic.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Taps Bruce Schneier to Discuss Hey Hi (AI) and OSS Security During Keynote at SOSS Fusion Conference 2024
-
Security Week ☛ Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says [Ed: Shifting the blame away from Microsoft much?]
UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.
-
Scoop News Group ☛ Data stolen in Change Healthcare attack likely included U.S. service members, executive says
UnitedHealth Group CEO Andrew Witty tells Senate committee that Change Healthcare didn’t have MFA enabled on the server that was attacked in February, resulting in a $22 million ransom payment.