Security: Updates, Accenture, Equifax, Passwords, United Airlines, Grafeas Project
-
Security updates for Thursday
-
Accenture The Latest To Leave Sensitive Customer Data Sitting Unprotected In The Amazon Cloud
What is it exactly that makes not storing sensitive customer data unprotected on an Amazon server so difficult for some people to understand?
Verizon recently made headlines after one of its customer service vendors left the personal data of around 6 million consumers just sitting on an Amazon server without adequate password protection. A GOP data analytics firm was also recently soundly ridiculed after it left the personal data of around 198 million adults (read: almost everybody) similarly just sitting on an Amazon server without protection. Time Warner Cable (4 million impacted users) and an auto-tracking firm named SVR Tracking (540,000 users) also did the same thing.
-
Equifax rival TransUnion also sends site visitors to malicious pages
Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, is also sending visitors to the fraudulent updates and other types of malicious pages.
As Ars reported late Wednesday night, a portion of Equifax's website was redirecting visitors to a page that was delivering fraudulent Adobe Flash updates. When clicked, the files infected visitors' computers with adware that was detected by only three of 65 antivirus providers. On Thursday afternoon, Equifax officials said the mishap was the result of a third-party service Equifax was using to collect website-performance data and that the "vendor's code running on an Equifax website was serving malicious content." Equifax initially shut down the affected portion of its site, but the company has since restored it after removing the malicious content.
-
Changes in Password Best Practices
-
[Ubuntu] Security Team Weekly Summary: October 12, 2017
-
United Airlines syncs Windows, Linux patch cycles
The airline operates three data centres in Chicago, Denver and San Francisco, which collectively house nine Oracle converged Oracle SuperClusters, as well as HP blade servers running Oracle Linux.
[...]
Unix engineering senior manager Marshall Weymouth told the recent Oracle Openworld 2017 conference that the airline's security team wanted the Windows and Linux teams to synchronise their patch cycles.
-
Google, IBM and others launch an open-source API for keeping tabs on software supply chains
Thanks to containers and microservices, the way we are building software is quickly changing. But as with all change, these new models also introduce new problems. You probably still want to know who actually built a given container and what’s running in it. To get a handle on this, Google, JFrog, Red Hat, IBM, Black Duck, Twistlock, Aqua Security and CoreOS today announced Grafeas (“scribe” in Greek), a new joint open-source project that provides users with a standardized way for auditing and governing their software supply chain.
-
Grafeas Project Debuts to Improve Kubernetes Supply Chain Security
-
Google, IBM launch open API for auditing and governing software pipelines
-
New open-source project led by Google aims to help companies track the history of their software
-
Google and friends open-source Grafeas API to clean up software supply chains
-
IBM, Google launch open source container security tool for developers
- Login or register to post comments
- Printer-friendly version
- 3471 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago