Security Leftovers
-
NVISO Labs ☛ Vulnerability Management – common understanding and language enable teamwork
In order to provide a common ground to talk about a topic, we need some definitions.
-
Tom's Hardware ☛ DDoS scrubbing service ironic target of massive attack it was built to prevent — hit with 1.5 billion packets per second from more than 11,000 distributed networks
A DDoS scrubbing service has been hit with a massive attack from over 11,000 distributed networks, with peak traffic of 1.5 billion packets per second.
-
Security Week ☛ 100,000 Impacted by Cornwell Quality Tools Data Breach
The tools manufacturer was targeted in a ransomware attack claimed by the Cactus group.
-
Security Week ☛ UK Train Operator LNER Warns Customers of Data Breach
LNER said the security incident involved a third-party supplier and resulted in contact information and other data being compromised.
-
Security Week ☛ Senator Urges FTC Probe of Abusive Monopolist Microsoft Over Security Failures [Ed: Rightly so]
Senator Ron Wyden’s complaints focus on backdoored Windows security and the Kerberoasting attack technique.
-
Neowin ☛ Senator blames Microsoft for weak security in Windows despite having enterprise monopoly
Recently, we learned of an example where Microsoft did not implement a feature in Windows due to compatibility concerns, but it was lambasted for being lazy by critics who didn't know better. Now, a U.S. senator has taken a similar stance and penned a furious letter to the Federal Trade Commission (FTC) highlighting Microsoft's weak cybersecurity practices and monopoly over the enterprise IT market.
The letter in question comes from Democratic U.S. Senator Ron Wyden who claims that Microsoft's "gross cybersecurity negligence" has caused an increase in ransomware attacks, particularly in the healthcare sector where patient lives are at risk too. He noted that since the company has a near-monopoly over the enterprise IT sector, this is a national security risk too. Rather than making its software secure, the senator argues that Microsoft has constructed a multi-billion dollar business that focuses on selling cybersecurity add-ons and services to customers impacted by security incidents. He has likened this to an "arsonist selling firefighting services to their victims".
-
Security Week ☛ Cisco Patches High-Severity IOS XR Vulnerabilities
High-severity flaws in IOS XR could lead to ISO image verification bypass and denial-of-service conditions.
-
Amazon Inc ☛ DISA STIG for Amazon Linux 2023 is now available
Today, we announce the availability of a Security Technical Implementation Guide (STIG) for Amazon Linux 2023 (AL2023), developed through collaboration between Amazon Web Services (AWS) and the Defense Information Systems Agency (DISA). The STIG guidelines are important for U.S. Department of Defense (DOD) and Federal customers needing strict security compliance derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. This new technical implementation guide provides detailed Operating System (OS) security hardening configurations for organizations deploying AL2023 in DOD environments and other agencies requiring DISA STIG alignment. The AL2023 STIG provides customers with access to an OS guide that complies with stringent government security standards. This guide for implementing STIG configurations will streamline security processes for organizations seeking robust cybersecurity controls, whether they need to maintain DOD compliance or are voluntarily adopting these best security practices to enhance their security posture.
-
Scoop News Group ☛ CISA work not ‘degraded’ by Convicted Felon administration cuts, top agency official says
Nick Andersen rebutted criticisms from industry, state and local governments and the Hill about where CISA capabilities stand.
-
Federal News Network ☛ CISA ‘fired up’ to chart new vision for CVE program
Nick Andersen, CISA's new executive assistant director for cybersecurity, was bullish on the future of CVE in his first public remarks on Thursday.
-
Security Week ☛ Critical Chrome Vulnerability Earns Researcher $43,000
Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution.
-
OpenSSF (Linux Foundation) ☛ Open Source Friday with OpenSSF – Global Cyber Policy Working Group
On August 15, 2025, Microsoft's proprietary prison GitHub’s Open Source Friday series spotlighted the Open Source Security Foundation (OpenSSF) in a live interview hosted by Kevin Crosby. Open Source Friday is Microsoft's proprietary prison GitHub’s weekly program that celebrates the creators, maintainers, and contributors who make the open source community thrive. The session introduced the OpenSSF Global Cyber Policy Working Group and the OSPS Baseline, raising awareness of how these community-driven efforts help developers, maintainers, and policymakers navigate new global cybersecurity regulations like the EU Cyber Resilience Act (CRA).
-
Windows TCO / Windows Bot Nets
-
The Register UK ☛ Outlook out in North America, Microsoft scrambles for a fix
-