Date: 2020-04-20

Security Leftovers

Security updates for Thursday Security updates have been issued by Arch Linux (openssl), openSUSE (freeradius-server, kernel, thunderbird, and vlc), Oracle (git, java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), SUSE (ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper, cups, kernel, ovmf, and pacemaker), and Ubuntu (openjdk-8, openjdk-lts and re2c).

Daniel Stenberg: Report: curl’s bug bounty one year in On April 22nd 2019, we announced our current, this, incarnation of the curl bug bounty. In association with Hackerone we now run the program ourselves, primarily funded by gracious sponsors. Time to take a closer look at how the first year of bug bounty has been!

Firefox’s Bug Bounty in 2019 and into the Future Firefox has one of the oldest security bug bounties on the internet, dating back to 2004. From 2017-2019, we paid out $965,750 to researchers across 348 bugs, making the average payout $2,775 – but as you can see in the graph below, our most common payout was actually $4,000!

Multiple Malware Campaigns Demonstrate How Cybercriminals Exploit SSH Keys

How Healthcare Providers Can Prevent Security Vulnerabilities Unfortunately, despite strict compliance regulations, there are still many exploited vulnerabilities and misconfigurations that occur in healthcare systems. These issues can result in serious breaches of security and patient privacy and must be corrected. Some of these issues are outside of your control. For example, if vendors unknowingly leave bugs in software or have not yet provided a patch for known vulnerabilities. Others occur due to poor management or lack of best practices. For example, not properly restricting access privileges or not encrypting data. [...] The consequences of a regular data breach range from monetary fines to loss of brand authority, and sometimes even bankruptcy. However, the consequences of a breached healthcare environment can be a matter of life and death. To ensure the security of healthcare data, providers should implement a number of strategies. Security strategies for healthcare providers include enforcing granular access controls, as well as staying updated on vulnerabilities and prioritizing mitigation on a continual basis. For improved visibility and better control, you can also centralize your overall security. However, what could help most is establishing a security culture that educates personnel and reduces the scope of insider threats. This can help enlist connected users to the overall protection of healthcare networks, systems, and data.

Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D Microsoft has released an out-of-band security update for Microsoft Office, Office 365 ProPlus and Paint 3D. The applications are affected by multiple Autodesk vulnerabilities that, if exploited, could enable remote code execution.

Locking Down Linux For The Enterprise Security has always been important for datacenter operators, but the days of putting a ring of protection around the datacenter and then walking away satisfied in the knowledge that the data and applications therein were protected from outside forces are long over. Cloud computing, the Internet of Things (IoT), the edge, containers and the rapid growth in the number of mobile devices have all contributed to the expansion of IT outside of core datacenters, creating a highly distributed environment where the bulk of data is created and applications are accessed beyond the firewall. Add in the growing numbers and increasing sophistication of cyber-threats and security becomes a much more complex calculation. Because of this, the growing expectation for years now has been that hardware, component and software makers would embed security into their products to ensure security regardless of whether they were running in the datacenter or somewhere out in the wild. Enterprises will gravitate toward vendors with reputations for strong security and privacy features in their offerings, which can drive growth for those that make the investment. It’s something that Canonical is emphasizing as it looks to extend its open-source Ubuntu Linux operating system deeper into the enterprise and cloud datacenters.