Security Leftovers
-
OpenSSF (Linux Foundation) ☛ OpenSSF at Grace Hopper Celebration 2024: Advancing Diversity and Security in Open Source [Ed: A corporate front group in diversity clothing]
The Grace Hopper Celebration (GHC) is the world’s largest gathering of women and non-binary technologists, where diversity, innovation, and inclusion come together to shape the future of technology. Named after pioneering computer scientist Grace Hopper, this event is organized by the Anita Borg Institute for Women and Technology, bringing forward the research, contributions, and career interests of women in computing.
-
Security Week ☛ Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones
The iServer phishing-as-a-service platform was used by Spanish-speaking criminals to harvest credentials and unlock stolen and lost phones.
-
Dhole Moments ☛ Cryptographic Innuendos
Neil Madden recently wrote a blog post titled, Digital Signatures and How to Avoid Them. One of the major points he raised is: Another way that signatures cause issues is that they are too powerful for the job they are used for.
-
Security Week ☛ Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
-
Silicon Angle ☛ Healthcare becomes prime target for cyberattacks as security industry defends against AI-generated cybersecurity threats [Ed: ransomware is primarily a Windows issue, throwing "AI" in there is just hype and spam]
Cybersecurity threats continue to evolve, and bad actors attacking digital environments operate on the same principles as many of the organizations they target. It’s a risk-and-reward model, where the return on investment can be quite lucrative when a victim pays ransomware to get their data returned.
-
Forbes ☛ Google Chrome Says Goodbye To Passwords On Windows, Mac, Linux, Android [Ed: Even worse; more outsourcing to spies]
Passkeys are, without a doubt, the future of login security. 1Password has called them “nearly impossible for hackers to guess or intercept” and Google uses them to replace hardware key and two-factor authentication for high-risk users. Now Google has gone one step further in this move to a passwordless future: secure syncing across devices with Chrome on Windows, macOS, Linux and Android platforms right now, with iOS still in development but promised soon.