Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 15, 2023

Openwashing, OSI, Linux Foundation, and More Proprietary Stuff

Today in Techrights

Evaluating blockchain security maturity

↺ Evaluating blockchain security maturity

> Blockchain Engineering Director Holistic security reviews should reveal far more than simple bugs. Often, these bugs indicate deeper issues that can be challenging to understand and address.

Hackers targeted the US official who is cracking down on trade with China [Ed: This is 100% about Microsoft, stop trying to make it about "China" because Microsoft asks you to]

↺ Hackers targeted the US official who is cracking down on trade with China

> Chinese hackers have breached the email systems of officials from more than 20 different agencies around the world, including in the US, gaining access to dozens of confidential emails hosted by Microsoft, according to the software company and the White House.

↺ have breached the email systems

↺ have breached the email systems

BlackLotus UEFI Bootkit Source Code Leaked on GitHub

↺ BlackLotus UEFI Bootkit Source Code Leaked on GitHub

> The source code for the BlackLotus UEFI bootkit has been leaked on GitHub and an expert has issued a warning over the risks.

Pluralistic: A "secure" system can be the most dangerous of all (13 July 2023)

↺ Pluralistic: A "secure" system can be the most dangerous of all (13 July 2023)

> Two decades ago, my life changed forever: hearing Bruce Schneier explain that "security" doesn't exist in the abstract. You can only be secure from some threat. A fire alarm won't protect you from burglaries. A condom won't protect you from mass shootings.

APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure

↺ APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure

> Two Rockwell Automation product vulnerabilities have been used for a new exploit by an APT group that could use it to target critical infrastructure.

SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products

↺ SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products

> SonicWall patches four critical-severity vulnerabilities in its Global Management System (GMS) and Analytics products.

White House plan for implementing cybersecurity strategy faces roadblocks

↺ White House plan for implementing cybersecurity strategy faces roadblocks

> A Chinese hacking campaign and a court ruling pausing minimum security standards for the water sector illustrate challenges in improving cybersecurity.

White House releases National Cybersecurity Strategy implementation plan

↺ White House releases National Cybersecurity Strategy implementation plan

> The plan is a roadmap for the U.S. government to accomplish the goals outlined in the National Cybersecurity Strategy.

Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue

↺ Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue

> Apple has re-released its Rapid Security Response updates for iOS and macOS after fixing a website access issue caused by the original patches.

Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

↺ Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

> Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space.

Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations

↺ Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations

> Cybersecurity company Armis has identified several vulnerabilities in Honeywell ICS products that could expose industrial organizations to attacks.

3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say

↺ 3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say

> A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years.

gemini.tuxmachines.org