Security Leftovers
Date: 2019-05-15
-
[Florida] Panhandle county that backed Trump among Russian hacking victims [iophk: "Windows TCO"]
Washington County was one of two counties successfully hacked by Russians seeking voter information files. The FBI and the Department of Homeland Security in the past week have briefed Gov. Ron DeSantis and Florida’s congressional delegation about the attack, but federal authorities have asked that the names of the two counties be kept confidential.
-
Hacking democracies: Cataloguing cyber-enabled attacks on elections
Of the 97 national elections in free or partly free countries reviewed for this report during the period from 8 November 2016 to 30 April 2019, a fifth (20 countries) showed clear examples of foreign interference, and several countries had multiple examples (see the appendix to this report). It’s worth noting that confidence in attributions to foreign actors varied widely. In ideal circumstances, a government source made the attribution, but often the attribution was more informal. Our intention was not to provide an exhaustive list of every alleged case of foreign interference but instead to capture the spread of states experiencing the phenomenon and illustrative examples of different methods. Details on all examples identified through this research are set out in the appendix.
-
Slack patches vulnerability in Windows client that could be used to hijack files
The potential attack used a weakness in the way the "slack://" protocol handler was implemented in the Windows application. By creating a crafted link posted in a Slack channel, the attacker could alter the default settings of the client—changing the download directory, for example, to a new location with a URL such as “slack://settings/?update={‘PrefSSBFileDownloadPath’:’’}”. That path could be directed to a Server Message Block (SMB) file-sharing location controlled by the attacker. Once clicked, all future downloads would be dropped onto the attacker's SMB server. This link could be disguised as a Web link—in a proof-of-concept, the malicious Slack attack posed as a link to Google.
-
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
The new vulnerabilities are built into Intel hardware and go by various names. ZombieLoad, Fallout, or RIDL are the catchy ones; the more technical name is Microarchitectural Data Sampling (MDS). Before we get into it more, you probably want to know what to do about it.
-
Sites infected as open source Alpaca Forms & analytics service Picreel compromised [Ed: JavaScript is a security threat and this isn't the fault of FOSS but of poor stewardship]
Hackers have breached two services and modified the JavaScript code to infect more than 4,600 websites with malware, according to security researchers.
-
The 10 Best Free and Open Source Identity Management Tools
Identity and access management must form the core of your cybersecurity policies and platforms. Securing credentials and verifying users can help deflect and prevent an overwhelming majority of data breaches. Indeed, IAM forms the modern enterprise’s digital perimeter; strong authentication protocols alone can help keep digital assets secure and keep external and internal threat actors out.
-
Top 3 Open Source Tools for SAST
Static Application Security Testing, or SAST, is a type of security testing which analyzes the source code of an application to determine security flaws. It can also be termed Source Code Analysis. SAST examines the source code before it’s compiled without executing anything. Due to this feature, it can be employed early in the development cycle to reap maximum benefits. This ensures that secure source code is written. Also, early detection of security vulnerabilities lowers the cost of fixing bugs post development.
-
Open Source Innovation in Cybersecurity
There is a convergence of growth in the number of protection vulnerabilities. The rise in hacker capabilities and tools are being enacted in the European Union, and businesses are expanding their investments in cybersecurity significantly. According to Global Market Insights, between 2019 and 2024, the demand for cybersecurity goods and assistance is assumed to grow from $120 billion to more than $300 billion annually. Estimation of Gartner affirms that by 2020 more than 60 percent of companies will have invested in multiple data security tools.
[...]
In smart cars, IoT platforms and cybersecurity software projects like Kali Linux, open source is a leading technology. While it has undergone exponential growth, the thriving proliferation of convenient source by banking networks, was not invariably a foregone conclusion.
-
Open Source Versioning: The Race to Stay Up-to-Date [Ed: The same is true for proprietary software, but companies like Microsoft bankrolled an industry of FUD that never speaks of back doors in blobs, only high-profile FOSS bugs]
Open source libraries, once shunned as risky and not ready for prime time, are now used extensively across major corporations, including insurers. The reason is simple: In time- and resource-constrained companies trying to stay technologically competitive, it doesn’t make sense anymore to try to reinvent a wheel that’s already been battle-tested. However, having made the commitment to open source code and solution sets, it’s imperative to keep up-to-date with open source library maintenance and updates.
-
Don't let security fall apart at the SIEMs. How open source search can upgrade SIEM to fight modern threats
-
WhatsApp hack: Is any app or computer truly secure?