Security and Windows TCO
-
Security Week ☛ Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets Service Providers
Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Fedora (calibre, dotnet8.0, dovecot, webkit2gtk4.0, and webkitgtk), Oracle (nodejs:20), Red Hat (bind, bind and bind-dyndb-ldap, postgresql:16, and squid), Slackware (kcron and plasma), SUSE (keepalived and webkit2gtk3), and Ubuntu (drupal7).
-
Security Week ☛ Malware Delivered via Malicious Pidgin Plugin, Signal Fork
Threat actors delivered malware via instant messaging applications, including a malicious Pidgin plugin and an unofficial Signal fork.
-
Security Week ☛ US Offering $2.5 Million Reward for Belarusian Malware Distributor
The US government is offering a $2.5 million reward for information leading to the arrest of malware distributor Volodymyr Kadariya.
-
Security Week ☛ Google Now Offering Up to $250,000 for Chrome Vulnerabilities
Google has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs.
-
Federal News Network ☛ DoJ’s Georgia Tech lawsuit a ‘warning’ to contractors on cyber compliance
The Georgia Tech case centers on the university’s alleged failure to follow NIST cybersecurity controls required by DoD contracts.
-
Windows TCO
-
Scoop News Group ☛ Iranian hackers ‘tickle’ targets in US, UAE with custom tool, Abusive Monopolist Microsoft says [Ed: Microsoft is the culprit, not the expert; Iran often exploits holes in Microsoft products, so this is another convenient PR decoy by Microsoft]
Peach Sandstorm is said to have focused on the oil and gas, satellite, government and communications sectors.
-
InfoSecurity Magazine ☛ Microsoft 365 Copilot Vulnerability Exposes User Data Risks
A vulnerability in Microsoft 365 Copilot that allowed attackers to steal users’ sensitive information has been disclosed by a cybersecurity researcher. Johann Rehberger, who discovered the flaw, described the exploit chain in a blog post published on August 26.
-
TwinCities Pioneer Press ☛ CrowdStrike estimates the tech meltdown caused by its bungling left a $60 million dent in its sales [Ed: What about the billions in damages caused by Windows and clownstrike malfunctioning and the massive loss of lives?]
Cybersecurity specialist CrowdStrike Holdings on Wednesday estimated it absorbed a roughly $60 million blow to its sales pipeline last month after its botched handling of a software update triggered a technology meltdown that stranded thousands of people in airports in addition to other exasperating disruptions.
-