Security Leftovers
-
Federal News Network ☛ IoT-driven endpoint proliferation requires secure-by-design principles
The government needs to push the market in the direction of secure-by-design, Touhill said. That includes manufacturing, fielding and management of these endpoints. That means specific cybersecurity requirements need to be built-in from the start, and trained personnel to verify the effectiveness of those cybersecurity measures.
And that includes more than just software, Touhill said. That also includes the platforms and hardware that the software will run on. And it also needs to take the user into account as well.
-
Windows TCO
-
Krebs On Security ☛ [Microsoft] Patch Tuesday, October 2024 Edition
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools.
-
Vice Media Group ☛ American Water, the Largest U.S. Water Utility, Hit with Cyberattack
The Camden, NJ, company revealed the hack on Monday after identifying issues a few days earlier and notifying law enforcement. According to a regulatory filing, the full impact of the breach is still unknown, as the company is “currently unable to predict the full impact of this incident.”
-
Inside Towers ☛ Nokia Says Cyber Criminal Attacks on Telecom Infrastructure Accelerating
The growth in DDoS attacks has been fueled by the proliferation of hundreds of thousands of insecure IoT devices, ranging from smart refrigerators to smartwatches, which often have lax security protections yet have gigabit broadband capacity that facilitates the spread of malware.
-
Open Source Initiative ☛ The Open Source Initiative Supports the Open Source Pledge [Ed: The Open Source Initiative also takes bribes from Microsoft to lobby for GPL violations in GitHub. The OSI is a truly sick organisation that fronts for Microsoft and promotes exploitation.]
Creating a new social norm of companies paying Open Source maintainers and organizations, the Open Source Pledge is supported by the OSI and other contributors.
-
Integrity/Availability/Authenticity
-
Federal News Network ☛ DoD wringing out zero trust concepts under assessment process
The proofs of concept range from a ship-to-shore connection sponsored by Naval Sea Systems Command to the Defense Information Systems Agency’s work on federated identity, credentialing and access management (ICAM).
The Pentagon’s zero trust strategy lays out a goal to achieve a “target” level of zero trust across all DoD components by fiscal 2027.
-
The Conversation ☛ As an ethical hacker, I can’t believe the risks people routinely take when they access the internet in public
You can avoid these risks by logging in from a virtual private network (VPN), not that I saw anyone doing that at the concert. More generally, people can protect themselves from identity theft by, for instance, having anti-phishing systems in their inboxes.
However, the easiest defence of all is to be alert to the risks and take sensible precautions in public. By protecting your data and devices, no matter where you are, you can avoid becoming one of the victims.