news
Security Leftovers
-
Scoop News Group ☛ Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
The OCC said the February incident resulted in the theft of “highly sensitive information" tied to the financial conditions of federally regulated institutions.
-
Qt ☛ Qt Group Authorized as a CVE Numbering Authority (CNA) by the CVE Program
Qt Group has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA), covering all Qt products. It is a significant milestone on Qt’s cybersecurity strategy and aligns with our commitment to robust vulnerability management processes and practices.
-
Tom's Hardware ☛ AMD Zen 5 CPUs also affected by microcode vulnerability — Granite Ridge, Turin, Ryzen Hey Hi (AI) 300, and Fire Range at risk
A vulnerability targeting AMD CPUs that can execute unsigned microcode on your processor also affects AMD's Zen 5.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Community Day NA 2025 Agenda Live!
We’re excited to share that the agenda for OpenSSF Community Day North America 2025 is now live! Join us on June 26 in Denver, Colorado, for a day filled with collaboration, technical insights, and future-focused conversations on securing the open source ecosystem.
-
Pen Test Partners ☛ Don’t use corporate email for your personal life
TL;DR People use whatever is convenient. Segregation of work and personal matters is a key part of security. Using corporate addresses tramples on this separation.
-
Scoop News Group ☛ Cyber experts offer lukewarm praise for voluntary code governing use of commercial hacking tools
The Pall Mall Process guidelines for nations could be useful, they said, but have obvious limitations.
-
The Strategist ☛ Australia’s cyber strategy needs a vulnerability disclosure upgrade
Australia is in a race against time. Cyber adversaries are exploiting vulnerabilities faster than we can identify and patch them. Both national security and economic considerations demand policy action.
-
Security Week ☛ Operations of Sensor Giant Sensata Disrupted by Ransomware Attack
Sensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.
-
Security Week ☛ Juniper Networks Patches Dozens of Junos Vulnerabilities
Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.
-
Security Week ☛ Europol Targets Customers of Smokeloader Pay-Per-Install Botnet
Law enforcement agencies in multiple countries have announced the arrests of users of the malicious Smokeloader botnet.
-
SANS ☛ Network Infraxploit
-
Scoop News Group ☛ BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns
In a joint advisory with Western allies, the National Cyber Security Centre sounded the alarm about variants of BADBAZAAR and MOONSHINE.
-
Silicon Angle ☛ SpyNote Android malware resurfaces in campaign using spoofed app install pages
A new report out today from internet intelligence company DomainTools LLC warns that threat actors are using newly registered domains to deliver the SpyNote Android remote access trojan via sites that mimic Surveillance Giant Google Play app installation pages.