Security Leftovers
-
Ruben Schade ☛ Virus scans don’t automatically render a file safe
I saw this in the footer of someone’s technical forum post:
All files have been analysed for malware with VirusTotal, and have shown a positive output, being completely safe to install.
I have thoughts!
English wasn’t the person’s primary language, so I empathise and understand logically why they said “positive output”. But testing “positive” for something you don’t want isn’t good. You’d be better saying a file tested “negative” for viruses on a virus scan, or “passed” the test if that’s confusing. As an aside, isn’t English fun!?
-
OpenSSF (Linux Foundation) ☛ A Bird’s-Eye View of LFD 121 (Developing Secure Software) — and Why Every Developer Should Take It
Software security has continued to grow in importance. The 'Linux' Foundation has undertaken various initiatives around open source software security, such as the Open Source Security Foundation (OpenSSF)—a full list of initiatives is available on LF Security.
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (python-asyncssh), Fedora (bind, bind-dyndb-ldap, httpd, and tor), SUSE (cosign, cpio, curl, expat, java-11-openjdk, ncurses, netty, netty-tcnative, opera, python-Django, python-Pillow, shadow, sudo, and wpa_supplicant), and Ubuntu (firefox).
-
Tom's Hardware ☛ U.S. lawmakers request probe into Chinese router manufacturer TP-Link — letter cites cybersecurity vulnerabilities with TP-Link routers
Citing multiple vulnerabilities, hacking groups, and extensive use by military personnel and bases, two U.S. congressmen jointly requested the Department of Commerce investigate potential threats from TP-Link's Chinese-made routers.
-
Tom's Hardware ☛ Ryzen 3000 fix for 'Sinkclose' vulnerability arrives tomorrow — AMD reverses course and will patch Ryzen 3000 after all
AMD has changed course and provided a security patch for the Sinkclose vulnerability for Ryzen 3000 series desktop processors. The new update will arrive tomorrow, August 20.
-
Security Week ☛ 100,000 Impacted by Jewish Home Lifecare Data Breach
A Jewish Home Lifecare data breach resulting from a BlackCat ransomware attack impacts over 100,000 individuals.
-
Security Week ☛ Oregon Zoo Ticketing Service Hack Impacts 118,000
A web skimmer was likely used to steal names and payment card data from the Oregon Zoo’s online ticketing service.
-
Security Week ☛ US Lawmakers Want Investigation Into TP-Link Over Chinese Hacking Fears
Lawmakers want TP-Link to be investigated by the Department of Commerce over concerns that its routers can be easily hacked to infiltrate US systems.
-
Federal News Network ☛ In some ways, the recent prisoner exchange could come back to bite the United States
For a traveler and a newspaper reporter, the U.S. returned a ruthless murderer and a gaggle of malicious cyber hackers.
-
Security Week ☛ Carespring Data Breach Exposes Personal and Medical Information of Nearly 77,000 Patients
Data includes names, dates of birth, physical addresses, Social Security Numbers, medical and diagnosis information, and health insurance details.
-
Security Week ☛ National Public Data Says Breach Impacts 1.3 Million People
National Public Data (NPD) has confirmed suffering a data breach, but the company says the incident only affects 1.3 million people in the US.
-
University of Michigan ☛ Does smart security really make us safer?
White picket fences, neatly mowed lawns, winding streets and “secured by ADT” signs are among the hallmarks of American suburbia. A possible new addition to this pantheon has exploded in popularity in recent years: the ubiquitous Ring doorbell.