Security Leftovers
SANS ☛ Multiple Layers of Anti-Sandboxing Techniques (Tue, Oct 31st)
TechRepublic ☛ Google Offers Bug Bounties for Generative Hey Hi (AI) Security Vulnerabilities
Google's Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Surveillance Giant Google joins Proprietary Chaffbot Company and Abusive Monopolist Microsoft in rewarding Hey Hi (AI) bug hunts.
OpenSSF Identifying Security Threats Working Group: Evaluating the Health of Open Source Projects [Ed: A fake security group made out of NSA back door facilitators]
This month's spotlight is on the OpenSSF Identifying Security Threats Working Group, which recently released the first version of the Security Insights Specification. This Working Group is dedicated to equipping the community with tools and documents for assessing the health of open source projects using metrics and other supporting evidence.
WhichUK ☛ Fraud victim reimbursement rankings revealed – how did your bank fare?
New data reveals huge variations in banks reimbursing scam victims
Security Week ☛ Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability
Atlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited.
Security Week ☛ IAM Credentials in Public Microsoft's proprietary prison GitHub Repositories Harvested in Minutes
A threat actor is reportedly harvesting IAM credentials from public Microsoft's proprietary prison GitHub repositories within five minutes of exposure.
Federal News Network ☛ Chief learning officers are trying to tackle some of government’s biggest skills gaps
Chief learning officers, often behind the scenes, try to ensure an agency’s workforce has the skills it needs, particularly in mission-critical areas, such as data analytics, IT and cybersecurity.
Security Week ☛ Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO
The SEC's lawsuit against the CISO of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles.
Pen Test Partners ☛ FujiFilm printer credentials encryption issue fixed
TL;DR Many multi-function printers made by FujiFilm Business Innovation Corporation (Fujifilm) which includes Apeos, ApeosPro, PrimeLink and RevoriaPress brands as well as Xerox Corporation (Xerox) which includes VersaLink, PrimeLink...
ADF ☛ Ghana Armed Forces to Launch Cyber Directorate to Expand Online Defenses
ADF STAFF: With cybercrime growing rapidly across Africa, the Ghana Armed Forces plans to launch a Directorate of Cyber and Electronic Warfare Operations to protect the nation’s military from cyberattacks and to expand the country’s ability to detect and shut down online criminal activity.
Silicon Angle ☛ US, dozens of allies pledge not to pay ransomware hackers [Ed: Windows TCO]
The U.S. and dozens of other countries have pledged not to pay hackers after ransomware attacks. The commitment was reportedly made today at an annual meeting of the International Counter-Ransomware Initiative, a coalition focused on tackling cybercrime. The coalition includes the U.S. and about 40 other countries, as well as the European Union and Interpol.
Security Week ☛ Attackers Exploiting Critical F5 BIG-IP Vulnerability
Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s BIG-IP product started less than five days after public disclosure and PoC exploit code was published.
Security Week ☛ Extending ZTNA to Protect Against Insider Threats
One of the main reasons why ZTNA fails is that most ZTNA implementations tend to focus entirely on securing remote access.
Pen Test Partners ☛ FDA medical IoT cyber device compliance. FD&C 524b
TL;DR: FD&C 524b is new FDA legislation for medical cyber device compliance. Introduced on March 30th 2023, it is now a firm requirement as of October 1st 2023.