Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation and Security
PgMiner botnet attacks weakly secured PostgreSQL databases [Ed: How typical. When Catalin Cimpanu says "Only PostgreSQL databases running on Linux servers have been attacked so far" he's trying to attribute to "Linux" an issue that doesn't have anything to do with Linux or even "PostgreSQL" but incompetent systems administrators.]
FireEye breach: State-sponsored attackers stole hacking tools
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” Mandia shared.
“The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
The attackers’ discipline, operational security, and techniques point to it being a state-sponsored attack, though Mandia refrained from saying or speculating about which nation-state might be behind it. (According to The New York Times, the lead suspects at this moment are Russian hackers.)
The attackers accessed and stole FireEye’s Red Team tools, which the company uses to probe other organizations’ security posture to help them improve it.
Daniel Stenberg: the critical curl
Google has, as part of their involvement in the Open Source Security Foundation (OpenSSF), come up with a “Criticality Score” for open source projects.
Open Source Project Criticality Score 2020 for python projects
I just now found out about the Open Source Project Criticality Score under the Open Source Security Foundation (OpenSSF) from Daniel Stenberg's blog post.
He wrote about the critical C projects (all calculations are done only for GitHub-based projects), so I decided to look at the list of the Python projects.
