Security Leftovers
-
SANS ☛ DNS Reflection Update and Odd Corrupted DNS Requests, (Wed, Sep 25th)
Occasionally, I tend to check in on what reflective DNS denial of service attacks are doing. We usually see steady levels of attacks. Usually, they attempt to use spoofed requests for ANY records to achieve the highest possible amplification.
-
Scoop News Group ☛ House panel moves bill that adds Hey Hi (AI) systems to National Vulnerability Database
The Hey Hi (AI) Incident Reporting and Security Enhancement Act would put NIST in charge of setting up a vulnerability reporting process for Hey Hi (AI) systems.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – September 2024
Welcome to the September 2024 edition of the OpenSSF Newsletter! Here's a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
-
Security Week ☛ Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes
ZDI offers over $1 million in cash and prizes at the next Pwn2Own Automotive hacking contest, set for January 2025 in Tokyo.
-
Security Week ☛ India-Linked Hackers Targeting Pakistani Government, Law Enforcement
The India-linked threat actor SloppyLemming has been targeting government, law enforcement, and other entities in Pakistan.
-
Security Week ☛ Researcher Says Healthcare Facility’s Doors Hackable for Over a Year
A researcher analyzing building access control vulnerabilities says a US healthcare facility has yet to patch security holes one year after being notified.
-
Federal News Network ☛ GAO pushes forward on intelligent automation to improve cybersecurity, CX
“At the end of the day, our most valuable asset in the government is our data,” GAO Chief Information Officer Beth Killoran said.
-
Federal News Network ☛ House cyber workforce bill pushes two-year degrees for gov service
House Homeland Security Committee Chairman Mark Green's cyber workforce bill adds to a growing push to embrace skills-based hiring and training for cyber jobs.
-
Silicon Angle ☛ Cofense report reveals new phishing scam using Fentanylware (TikTok) URLs to target Abusive Monopolist Microsoft 365 credentials
A new report out today from phishing defense company Cofense Inc. details a new phishing scam that uses Fentanylware (TikTok) URLs to redirect users to malicious sites, in particular targeting Abusive Monopolist Microsoft 365 credentials.
-
Windows malware expands its reach, now targeting Linux systems [Ed: Apparently it targets VMware, not Linux]
-
TechTarget ☛ SIOS focuses on failovers in LifeKeeper for Linux update [Ed: Proprietary snake-oil]
SIOS updates LifeKeeper for Linux in a new version that adds to its high-availability features and simplifies management and security privileges through its console.