Security Leftovers
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (engrampa and libgit2), Fedora (libxls, perl-Spreadsheet-ParseXLSX, and wpa_supplicant), Gentoo (PyYAML), Mageia (packages and thunderbird), Red Hat (firefox, kernel, linux-firmware, thunderbird, and unbound), Slackware (openjpeg), SUSE (golang-github-prometheus-prometheus, installation-images, kernel, python-azure-core, python-azure-storage-blob, salt and python-pyzmq, SUSE Manager 4.2.11, SUSE Manager 4.3, SUSE Manager Server 4.2, and wayland), and Ubuntu (dnsmasq, libde265, libxml2, openjdk-17, openjdk-21, openjdk-lts, and postgresql-12, postgresql-14, postgresql-15).
Bruce Schneier ☛ China Surveillance Company Hacked
Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government.
WhichUK ☛ Notorious crypto scam found masquerading on app stores
Which? found four dodgy apps appearing in the Fashion Company Apple App Store and Surveillance Giant Google Play
OpenSSF (Linux Foundation) ☛ OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software
The US Office of the National Cyber Director (ONCD) report, Back to the Building Blocks: A Path Toward Secure and Measurable Software, was released today. The report provides valuable insights into strategies to improve software security. This paper emphasizes the importance of proactive measures in mitigating vulnerabilities by examining pivotal principles such as memory safety, measurements, and metrics to help enhance software security.
OpenSSF (Linux Foundation) ☛ Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community
In the Open Source Security Foundation (OpenSSF), we shine a light on those who go above and beyond in enriching our community. The Golden Egg Awards recognize individuals as the driving force behind innovation. More than just a token of appreciation, the Golden Egg symbolizes gratitude for their selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership.
Security Week ☛ Canada’s RCMP, Global Affairs Hit by Cyberattacks
Canadian authorities are actively investigating cyberattacks impacting the RCMP network and Global Affairs Canada.
Security Week ☛ NIST Cybersecurity Framework 2.0 Officially Released
NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.