Security Leftovers
-
Security Week ☛ Netflix Paid Out Over $1 Million via Bug Bounty Program
Netflix has paid out more than $1 million for vulnerabilities found in its products since the launch of its bug bounty program in 2016.
-
Scoop News Group ☛ Chinese national arrested for operating proxy service linked to billions in cybercrime
YunHe Wang and two associates were also sanctioned by the Treasury Department in operation to install malware on users’ computers.
-
APNIC ☛ Improving RPKI uptake in the Asia Pacific region
Will government-led initiatives be a significant addition to global routing security?
-
Security Week ☛ New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks [Ed: Shallow nonsense portraying the worst offender, Microsoft, which keeps getting cracked completely by nation states, as if it's an authority in security]
Microsoft dives into the tactics, techniques, and procedures of North Korean threat actor Moonstone Sleet.
-
Federal News Network ☛ FISMA: Why it’s no longer just a checkbox for federal enterprise cybersecurity compliance
Water and wastewater facilities are easy targets for state-sponsored cyberattacks, presenting an unacceptable risk to the American public.
-
Security Week ☛ Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution
Vulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution.
-
Security Week ☛ US Sanctions Three Chinese Men for Operating 911 S5 Botnet
The US government has announced sanctions against three Chinese nationals accused of creating and operating the 911 S5 proxy botnet.
-
OpenSSF (Linux Foundation) ☛ The Opportunity for DEI Participation in the Security Industry (And OpenSSF) [Ed: Instead of focusing on better skills they focus on optics]
At Secure Open Source Software (SOSS) Community Day North America 2024, we held a panel discussion on DEI (Diversity, Equity and Inclusion) at Open Source Security Foundation (OpenSSF). In preparing for this discussion we had a lot of conversations and realized we each had diverse perspectives on what the needs of this community are and why this conversation is important now.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (glibc and tomcat), Fedora (chromium, fcitx5-qt, python-pyqt6, qadwaitadecorations, qgnomeplatform, qt6, qt6-qt3d, qt6-qt5compat, qt6-qtbase, qt6-qtcharts, qt6-qtcoap, qt6-qtconnectivity, qt6-qtdatavis3d, qt6-qtdeclarative, qt6-qtgraphs, qt6-qtgrpc, qt6-qthttpserver, qt6-qtimageformats, qt6-qtlanguageserver, qt6-qtlocation, qt6-qtlottie, qt6-qtmqtt, qt6-qtmultimedia, qt6-qtnetworkauth, qt6-qtopcua, qt6-qtpositioning, qt6-qtquick3d, qt6-qtquick3dphysics, qt6-qtquicktimeline, qt6-qtremoteobjects, qt6-qtscxml, qt6-qtsensors, qt6-qtserialbus, qt6-qtserialport, qt6-qtshadertools, qt6-qtspeech, qt6-qtsvg, qt6-qttools, qt6-qttranslations, qt6-qtvirtualkeyboard, qt6-qtwayland, qt6-qtwebchannel, qt6-qtwebengine, qt6-qtwebsockets, qt6-qtwebview, and zeal), Red Hat (glibc, kernel, kernel-rt, kpatch-patch, linux-firmware, mod_http2, pcp, pcs, protobuf, python3, rpm-ostree, and rust), SUSE (git, glibc-livepatches, kernel, libxml2, openssl-1_1, SUSE Manager Client Tools, SUSE Manager Client Tools, salt, and xdg-desktop-portal), and Ubuntu (amavisd-new, firefox, flask-security, frr, git, intel-microcode, jinja2, libreoffice, linux-intel-iotg, unbound, and webkit2gtk).
-
Windows TCO
-
Federal News Network ☛ Bipartisan bill would put HHS IG in key role following Change Healthcare incident
One lawmaker says the bill to empower the HHS IG would address "how we are setting standards for American patients’ healthcare data."
-