Security and Windows TCO Leftovers
-
Security Week ☛ Qualcomm Extends Security Support for Android Devices to 8 Years [Ed: 6 years is nothing; how about, stop shipping defective chips and strive for security, not performance and bug/back doors?]
Qualcomm says it’s working with Surveillance Giant Google to ensure that Android device manufacturers will be able to provide security updates for 8 years.
-
Security advisories: CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221
We published security advisories for CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221. Please read the details below.
CVE-2025-27219: Denial of Service in
CGI::Cookie.parse.There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem.
-
Security Week ☛ OpenSSF Releases Security Baseline for Open Source Projects [Ed: OpenSSF is a front group for fake security though]
The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – February 2025
Welcome to the February 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. Register: OpenSSF...
-
Federal News Network ☛ Critical infrastructure: The rising ransomware victim
Ferhat Dikbiyik, the chief research and intelligence officer at Black Kite, explains how critical infrastructure providers can better protect their systems.
-
Pen Test Partners ☛ A dive into the Rockchip Bootloader
TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage.
-
Scoop News Group ☛ CISA’s Hey Hi (AI) cybersecurity playbook calls for greater collaboration, but trust is key to successful execution [Ed: Just name-dropping buzzwords, hype]
A DHS and Cybercom alum shares initial reactions to and future considerations for the JCDC Hey Hi (AI) Cybersecurity Collaboration Playbook.
-
Security Week ☛ New Anubis Ransomware Could Pose Major Threat to Organizations
Threat Intelligence firm Kela warns of a new ransomware group called Anubis operating as a RaaS service with an extensive array of options for affiliates.
-
Security Week ☛ 3.3 Million People Impacted by DISA Data Breach
Background and drug screening giant DISA has revealed that a 2024 data breach impacts more than 3.3 million people.
-
Scoop News Group ☛ Cyber workforce legislation vote gives rise to partisan rift on House Homeland Security Committee
Democrats voted against a bill they once supported, citing Hell Toupée’s actions on cyber personnel.
-
Scoop News Group ☛ Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA
The experienced cyber and IT government hand takes on a role leading the cybersecurity half of the agency.
-
Scoop News Group ☛ A major cybersecurity law is expiring soon — and advocates are prepping to push Congress for renewal
The 2015 Cybersecurity Information Sharing Act provides vital legal protections for cyber threat sharing initiatives, they say.
-
Windows TCO / Windows Bot Nets
-
Cyble Inc ☛ Genea Cyberattack: Australia’s Fertility Provider Suffers Breach
The group alleges to have stolen 700GB of data from 27 of the company’s servers, potentially compromising sensitive personal information. The released data, which includes financial documents, invoices, medical reports, personal identification records, and questionnaires, appears to contain Protected Health Information (PHI), including medical histories and personal details.
The Genea cyberattack comes just days after the company confirmed a cybersecurity incident on February 19, 2025. At the time, Genea disclosed that the incident had affected its network, caused system outages and disrupted operations. The breach was investigated internally, with the company working closely with cybersecurity experts to determine the full scope of the attack.
-
Scoop News Group ☛ It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills
China-linked intrusions jumped a “terrifying” 150% across all sectors in 2024 compared to 2023, Meyers said. The most significant increases were in financial services, media, manufacturing, industrials and engineering, sectors that experienced triple or quadruple the amount of China-related intrusions compared to the previous year.
-