Security Leftovers
-
Netcraft ☛ How to Prevent Phishing Attacks
The strategy used depends on the nature of the threat actors carrying out the attack, their motives, and their objectives.
While the first strategy falls under the primary remit of your security team and is often well understood, less is known and practiced with regard to the second. Phishing attacks that target your customers are more nebulous. Not only can they be much harder to detect, classify, and remediate, addressing them requires a more diverse stakeholder mix (beyond the security team alone).
Phishing attacks that target your customers—be they buyers or users—can have far-reaching consequences.
-
QSB-106: Information disclosure through uninitialized memory in libxl
We have published Qubes Security Bulletin (QSB) 106: Information disclosure through uninitialized memory in libxl. The text of this QSB and its accompanying cryptographic signatures are reproduced below, followed by a general explanation of this announcement and authentication instructions.
-
SANS ☛ Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)
This month, Abusive Monopolist Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.
-
Education
-
Light Blue Touchpaper ☛ 3rd edition of Ross Anderson’s Security Engineering now freely available for download
Ross Anderson had agreed with his publisher, Wiley, that he would be able to make all chapters of the 3rd edition of his book Security Engineering available freely for download from his website. These PDFs are now available there.
-