Security Leftovers
Date: 2024-08-29
Security Week ☛ Identity of Notorious Hacker USDoD Revealed
USDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (nodejs:20), Debian (python3.11), Fedora (dotnet8.0), Red Hat (bind, krb5, libreoffice, linux-firmware, orc, orc:0.4.28, and orc:0.4.31), SUSE (mariadb and openssl-3), and Ubuntu (linux-aws-5.4).
SANS ☛ Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)
Security Week ☛ Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #12 – CISA’s Aeva Black and the Public Sector View of Open Source Security [Ed: 'Linux' Foundation giving a platform to Microsoft moles, who inherit seats.]
Federal News Network ☛ How the Supreme Court Chevron ruling could affect cybersecurity regulations
"The door is open now for any time there's an enforcement action for those businesses who were slapped by the agency to run to court," Brian Arnold said.
Security Week ☛ When Convenience Costs: CISOs Struggle With SaaS Security Oversight
SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to, nor oversight from, the security team.
Silicon Angle ☛ Researchers discover China-linked hacking campaign targeting US internet providers
Hackers are using a vulnerability in a network management tool to launch cyberattacks against U.S. internet providers. Black Lotus Labs, the cybersecurity research unit of telecommunications company Lumen Technologies Inc., revealed the hacking campaign today.
OpenSSF (Linux Foundation) ☛ Innovative Supply Chain Security For Enterprise Cloud Platform Service
This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC.
Scoop News Group ☛ Lawmakers must incentivize cyber protection for critical infrastructure
In a world where critical infrastructure networks are increasingly digitalized and interconnected, cyber risk is growing as a significant threat to our nation’s security, safety.