Security Leftovers and Windows TCO Tales
-
Security Week ☛ Network of 3,000 Microsoft's proprietary prison GitHub Accounts Used for Malware Distribution [Ed: GitHub (NSA) is itself a form of malware and a great security risk]
Stargazer Goblin has created a network of over 3,000 Microsoft's proprietary prison GitHub accounts to distribute malware through phishing repositories.
-
TwinCities Pioneer Press ☛ Heidi Boghosian: The CrowdStrike outage shows the danger of depending on [Microsoft]
The rapid consolidation of power in tech companies poses challenges to the government and society.
-
Security Week ☛ Google Boosts Chrome Protections Against Malicious Files [Ed: Malicious files except Chrome itself (proprietary spyware)]
Google has announced improved protections for Chrome users when downloading files from the internet.
> -
WhichUK ☛ Insurers quoted higher premiums in [Microsoft] outage chaos
CrowdStrike bug could mean some customers paid more for home and car insurance
-
Scoop News Group ☛ Banking, oil and IT industry reps call on Congress to harmonize cyber regulations … again
Industry representatives in a House hearing pointed to the Biden administration’s cyber reporting mandate as an example of overlapping regulations.
-
Security Week ☛ BIND Updates Resolve High-Severity DoS Vulnerabilities
The latest BIND security updates address remotely exploitable vulnerabilities leading to denial-of-service.
-
Bruce Schneier ☛ Data Wallets Using the Solid Protocol
I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture.
-
SANS ☛ XWorm Hidden With Process Hollowing, (Thu, Jul 25th)
-
Security Week ☛ Phone Lines Down in Multiple Courts Across California After Ransomware Attack
Phone lines down in multiple courts across California after ransomware attack on state’s largest trial court in Los Angeles County.
-
France24 ☛ French authorities launch large-scale operation to combat cyber spying
A senior Paris prosecutor on Thursday announced that authorities have kicked off a major operation to target a network of bots that have been infecting computers with a malware programmed aimed at stealing data for “espionage” purposes. The sweeping operation was launched on July 18 and is set to last several months.
-
Silicon Angle ☛ Stolen internal documents from Pentagon contractor Leidos leaked online
Hackers have reportedly leaked stolen internal documents from Leidos Holdings Inc., one of the largest information technology services providers to the U.S. government and notably a Pentagon contractor.
-
Security Week ☛ Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products
Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.
-
Ubuntu Patches Several Apache HTTP Server Vulnerabilities
Several security vulnerabilities were discovered in Apache HTTP server, which could lead to denial of service or exposure of sensitive information. Fortunately, they have been addressed in the new version and upgrading Apache HTTP server package is strongly recommended. Canonical has also released security updates to address these vulnerabilities across multiple versions of its operating system, including Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.
-
Windows TCO
-
Scoop News Group ☛ North Korean hacking group makes waves to gain Mandiant, FBI spotlight
The newly designated APT45 pursues military intelligence but has been expanding its targets, Mandiant says.
-
Security Week ☛ North Korean Charged in Ransomware Attacks on American Hospitals
A man who allegedly carried out attacks for a North Korean military intelligence agency has been indicted in a conspiracy to hack healthcare firms, NASA, military bases and other entities.
-
Security Week ☛ Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine
A fresh Mandiant report documents North Korea's APT45 as a distinct hacking team conducting cyberespionage and ransomware operations.
-