Security Leftovers and Microsoft/Windows TCO
-
Security Boulevard ☛ Why Security-Minded Teams Are Turning to Hardened Linux Distributions
In conversations about operating system security, “compliance” tends to dominate. But for those of us responsible for keeping infrastructure secure—whether facing STIG implementations, CIS benchmark requirements, or FedRAMP assessments—we know the truth: compliance is the baseline, not the goal.
Throughout my career, I have been involved in the security space—serving on governing boards for OSS security projects, supporting the launch of the Open Source Security Foundation, and driving adoption of DevSecOps practices. But as I’ve focused on OS security and spoken with teams across energy, government, and technology sectors who must reconcile compliance mandates with practical realities, it has opened my eyes to OS-level challenges I was not previously aware of.
-
Information Security Media Group, Corporation ☛ Strengthening Linux Security With Kernel Runtime Guard
Linux security remains a pressing concern as vulnerabilities continue to expose critical systems. Alexander Peslyak, founder of Openwall and senior principal security engineer at CIQ, said the Linux Kernel Runtime Guard (LKRG) 1.0 release brought major improvements in testing and code cleanup.
-
SANS ☛ CTRL-Z DLL Hooking, (Wed, Sep 17th)
When you're debugging a malware sample, you probably run it in a debugger and define some breakpoints. The idea is to take over program control before it performs interesting actions. Usually, we set breakpoints on memory management API calls (like VirtualAlloc()) or process activities (like CreateProcess(), CreateRemoteThread(), ...).
-
Security Week ☛ Decade-Old Pixie Dust Wi-Fi Hack Still Impacts Many Devices
NetRise has identified 20 device models from six vendors that are still vulnerable to Pixie Dust attacks.
-
Pen Test Partners ☛ Discord as a C2 and the cached evidence left behind
TL;DR
Why Discord appeals to attackers
Discord has become an attractive tool for attackers not because it’s malicious, but because it’s legitimate and trusted. It often flies under the radar of security controls and offers features that make it easy to send data out without user interaction or elevated permissions.
-
Bruce Schneier ☛ Hacking Electronic Safes
Vulnerabilities in electronic safes that use Securam Prologic locks:
While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit [Ed: Microsoft is transmitting malware to people via npm]
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
-
SANS ☛ Why You Need Phishing Resistant Authentication NOW., (Tue, Sep 16th)
The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even technically sophisticated and aware users are falling for phishing lures. Anybody will fall for phishing if a well-targeted e-mail is used.
-
LinuxConfig ☛ Unprecedented npm Supply Chain Attack Heightens Node.js Security Concerns in 2025
-
Scoop News Group ☛ Microsoft seizes hundreds of phishing sites tied to massive credential theft operation [Ed: Microsoft acting like police now (or a state)]
The company acted on a court order and collaborated with Clownflare to seize RaccoonO365’s infrastructure, which was used to steal credentials from organizations in 94 countries.
-
Silicon Angle ☛ Syncro Cloud Backup targets rising risks in Abusive Monopolist Microsoft 365 and Entra ID
Managed service provider and information technology management platform company Syncro today launched Syncro Cloud Backup, an integrated backup and restore solution for Abusive Monopolist Microsoft 365 and Entra ID. The new offering builds on Syncro’s extended monitoring and management’s automated configuration, security baseline management and compliance monitoring.
-
Security Week ☛ RaccoonO365 Phishing Service Disrupted, Leader Identified
Microsoft and Clownflare have teamed up to take down the infrastructure used by RaccoonO365.
-