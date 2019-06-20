Security: Windows, 'DevSecOps', SSH, Bash and More Electronic Health Records at 26 Hospitals Hit by Two-Hour Outage [iophk: "Windows TCO"] Universal, which manages more than 350 health-care facilities in the U.S. and U.K., declined to specify the technical issues or say how many patient records were affected. The problem lasted for less than two hours and the affected hospitals have returned to normal operations, said Eric Goodwin, chief information officer of the King of Prussia, Pennsylvania-based company.

DevSecOps: 4 key considerations for beginners Security used to be the responsibility of a dedicated team in the last development stage, but with development cycles increasing in number and speed, security practices need to be constantly updated. This has led to the rise of DevSecOps, which emphasizes security within DevOps. Companies need DevSecOps to make sure their initiatives run safely and securely. Without DevSecOps, DevOps teams need to rebuild and update all their systems when a vulnerability is found, wasting time and effort.

OpenSSH to Keep Private Keys Encrypted at Rest in RAM A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities. OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

OpenSSH adds protection against Spectre, Meltdown, Rowhammer and RAMBleed attacks

GNU Bash Unsupported Characters Heap-Based Buffer Overflow Vulnerability [CVE-2012-6711] A vulnerability in the lib/sh/strtrans.c:anicstr function of GNU Bash could allow an authenticated, local attacker to execute code on a targeted system.The vulnerability is due buffer errors within the lib/sh/strtrans.c:anicstr function of the affected software. An attacker could exploit this vulnerability by providing print data through the echo built-in function. A successful exploit could allow the attacker to execute code on the targeted system.GNU Bash has confirmed this vulnerability and released a software patch.

Daily News Roundup: Malware in Your Pirated Software Researchers at ESET and Malwarebytes have discovered crypto mining malware hidden in pirated music production software.

A Method for Establishing Liability for Data Breaches Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers. If history is any guide, not much will happen and companies holding sensitive personal information on individuals will have little incentive to improve their cybersecurity postures. Congress needs to act to provide such incentives. The story is all too familiar, as news reports of data breaches involving the release of personal information for tens of millions of, or even a hundred million, Americans have become routine. A company (or a government agency) pays insufficient attention to cybersecurity matters despite warnings that the cybersecurity measures it takes are inadequate and therefore fails to prevent a breach that could be remediated by proper attention to such warnings. In the aftermath of such incidents, errant companies are required by law to report breaches to the individuals whose personal information has been potentially compromised. Frequently, these companies also offer free credit monitoring services to affected individuals for a year or two.

Enso OS, A Desktop Mix between Xubuntu and elementary OS Enso OS is a relatively new GNU/Linux distro based on Ubuntu with XFCE desktop coupled with Gala Window Manager. Looking at Enso is like looking at a mix between Xubuntu and elementary OS. It features a Super key start menu called Panther and a global menu on its top panel, making the interface very interesting to try. This overview briefly highlights the user interface for you.