Security and Windows TCO
-
Bruce Schneier ☛ ShredOS
ShredOS is a stripped-down operating system designed to destroy data.
GitHub page here.
-
Silicon Angle ☛ US sanctions Chinese cybersecurity company over ties to Flax Typhoon hacking group [Ed: Back doors when a foreign country finds those]
The U.S. Treasury Department today issued sanctions against Integrity Technology Group, a Beijing-based cybersecurity company, over its ties to a Chinese state-backed hacking group tracked as Flax Typhoon. The sanctions were rolled out by the Treasury’s Office of Foreign Assets Control, or OFAC.
-
JURIST ☛ US sanctions China cybersecurity firm for alleged role in critical infrastructure hacks
The US Treasury Department on Friday imposed sanctions against Beijing-based cybersecurity firm Integrity Technology Group, Inc. over its alleged involvement in a series of cyberattacks targeting critical US infrastructure.
-
Pen Test Partners ☛ The surprising existence of the erase button on cockpit voice recorders
Safety and transparency are important in aviation. One tool that helps here is the Cockpit Voice Recorder (CVR), which records audio from the cockpit during flights.
-
OpenSSF (Linux Foundation) ☛ SOSS Community Day India 2024: Wrap Up
Towards the end of 2024, we hosted the inaugural SOSS Community Day India, and we’re thrilled to share that it was a resounding success! This remarkable event brought together some of the most active open source contributors in the industry for a day filled with sharing, learning, and collaboration
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (linux-6.1), Fedora (iwd and libell), Red Hat (python-requests), and SUSE (velero).
-
Windows TCO
-
SANS ☛ SwaetRAT Delivery Through Python, (Fri, Jan 3rd)
It targets Abusive Monopolist Microsoft backdoored Windows hosts because it starts by loading all libraries required to call Abusive Monopolist Microsoft API Calls and manipulate payloads: [...]
-
Dark Reading ☛ Unpatched Active Directory Flaw Can Crash Any Abusive Monopolist Microsoft Server
Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.
-
Hacker News ☛ Severe Security Flaws Patched in Abusive Monopolist Microsoft Dynamics 365 and Power Apps Web API
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in the FetchXML API.
-
Federal News Network ☛ Treasury hack: Lawmakers seek more details on scope, third-party vulnerabilities
The Treasury hack is sparking new questions about how agencies ensure the security of third-party technology service providers.
-
US lawmakers demand answers after treasury confirmed Chinese hackers breach
The US Treasury Department said China-backed hackers broke into its cybersecurity system in December.
-