Security Leftovers
-
Security Week ☛ Fortra Patches Critical SQL Injection in FileCatalyst Workflow
Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts.
-
SANS ☛ Support of SSL 2.0 on web servers in 2024, (Fri, Jun 28th)
-
Security Week ☛ Microsoft Details ‘Skeleton Key’ Hey Hi (AI) Jailbreak Technique
Microsoft has tricked several gen-AI models into providing forbidden information using a jailbreak technique named Skeleton Key.
-
Security Week ☛ Chicago Children’s Hospital Says 791,000 Impacted by Ransomware Attack [Ed: Windows TCO?]
Ann & Robert H. Lurie Children’s Hospital of Chicago says the recent data breach caused by a ransomware attack impacts 791,000 people.
-
Security Week ☛ Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity
Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions.
-
Pen Test Partners ☛ Glastonbury ticket hijack vulnerability fixed
The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue?
-
RFA ☛ Indonesia plans to expel 103 Taiwanese caught in cybersecurity crackdown
Charges are linked to misusing visas and not cybercrimes because scam allegedly targeted Malaysians.
-
OpenSSF (Linux Foundation) ☛ Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks
Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project, providing a clear assessment of its security posture. Despite its benefits, manually implementing these security measures can be cumbersome and labor-intensive. This is where automation becomes valuable. StepSecurity’s Secure-Repo project helps automate the implementation of these security best practices, making it easier and faster for maintainers to enhance their project's security.