Security and Windows/Microsoft TCO Picks
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr, openjdk-17, and wpa), Gentoo (aiohttp, Bitcoin, Cairo, Go, json-c, Levenshtein, libXpm, nghttp2, PostgreSQL, and Redis), Red Hat (kernel, kernel-rt, python-setuptools, python-urllib3, python3.11-setuptools, and wget), Slackware (mozilla), SUSE (bind, curl, docker, ffmpeg, ffmpeg-4, kernel, kernel-firmware, libnbd, patch, shadow, and thunderbird), and Ubuntu (python-django and wpa).
-
Pen Test Partners ☛ Key safe security, or the lack of it
A few years back we put a key safe into our office.
-
Silicon Angle ☛ Fortinet acquires Next DLP to extend its data security capabilities
Fortinet Inc. has acquired Next DLP Inc., a startup that helps enterprises ensure their workers interact with internal data in a secure manner. The companies announced the deal today without disclosing the financial terms. According to PitchBook, Next DLP raised more than $10 million in funding prior to the acquisition.
-
Security Week ☛ Over 40,000 Internet-Exposed ICS Devices Found in US: Censys
Censys has found more than 40,000 internet-exposed ICS devices in the US, and notifying owners is in many cases impossible.
-
Citizen Lab ☛ The Citizen Lab at DEF CON 32
In this talk at the DEF CON 32 convention on August 11, Jeffrey Knockel and Mona Wang will discuss how any network eavesdropper may read the keystrokes of popular Chinese IME keyboard users.
-
Medevel ☛ Open Password Manager - Free Cross-platform and Open source Password Manager
OpenPasswordManager is a browser and desktop password manager. The app can run either in browser, or as a desktop app.
OpenPasswordManager use ReactJS for the frontend and ExpressJS for the backend.
-
Purism ☛ The Evolution of Smartphone Security
When smartphones first emerged in the early 2000s, the attack surface was relatively small. Devices were primarily used for Personal Information Management (PIM) such as calls, texts, email, calendaring, and basic internet browsing. However, the landscape changed dramatically with the introduction of the iPhone and Android platforms in 2007.
-
Hacker News ☛ New Linux Kernel Exploit Technique 'SLUBStick' Discovered by Researchers [Ed: Exaggerated claims]
-
New Linux kernel attack slips past modern defenses — SLUBStick boasts a 99% success rate
-
Secure software development education report from the Linux Foundation
Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development. It underscores the urgent need for formalized industry education and training programs.
-
Windows TCO
-
Scoop News Group ☛ Easterly: Potential Chinese cyberattack could unfold like CrowdStrike error
CISA director calls CrowdStrike-linked outage a “dress rehearsal” for what China may have planned for U.S. critical infrastructure.
-
Security Week ☛ Windows Update Flaws Allow Undetectable Downgrade Attacks
Researcher showcases hack against Abusive Monopolist Microsoft backdoored Windows Update architecture, turning fixed vulnerabilities into zero-days.
-