
Tux Machines


Security Leftovers


Posted by Roy Schestowitz on May 03, 2024




Scoop News Group ☛ How to fine-tune the White House’s new critical infrastructure directive [Ed: Is removal of Windows not on the table?]




> National Security Memorandum 22 represents a good first step to better protect America’s critical infrastructure.



LWN ☛ Security updates for Wednesday




> Security updates have been issued by Debian (nghttp2 and qtbase-opensource-src), Mageia (cjson, freerdp, guava, krb5, libarchive, and mediawiki), Oracle (container-tools:4.0 and container-tools:ol8), Red Hat (bind, buildah, container-tools:3.0, container-tools:rhel8, expat, gnutls, golang, grafana, kernel, kernel-rt, libreswan, libvirt, linux-firmware, mod_http2, pcp, pcs, podman, python-jwcrypto, rhc-worker-script, shadow-utils, skopeo, sssd, tigervnc, unbound, and yajl), SUSE (kernel and python311), and Ubuntu (gerbv and node-json5).



Security Week ☛ Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push




> Researchers can earn as much as $450,000 for a single vulnerability report as Surveillance Giant Google boosts its mobile vulnerability rewards program.



Security Week ☛ Oasis Security Raises $35 Million to Tackle Non-Human Identity Management




> New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.



Security Week ☛ Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data




> Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.



OpenSSF (Linux Foundation) ☛ OpenSSF Taps Bruce Schneier to Discuss Hey Hi (AI) and OSS Security During Keynote at SOSS Fusion Conference 2024





Security Week ☛ Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says [Ed: Shifting the blame away from Microsoft much?]




> UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.



Scoop News Group ☛ Data stolen in Change Healthcare attack likely included U.S. service members, executive says




> UnitedHealth Group CEO Andrew Witty tells Senate committee that Change Healthcare didn’t have MFA enabled on the server that was attacked in February, resulting in a $22 million ransom payment.



