
Proprietary Software and Security

  • Microsoft’s Power Apps leaks data from 47 companies, report finds

    In June, UpGuard researchers submitted a vulnerability report to Microsoft Security Resource Center (MSRC), addressing the issue of OData feeds identification as it provides unidentified admission to a selection of data and URLs for accounts that were potentially exposing critical data.

  • Cyberattack Forces Memorial Health System to Divert Patients to Alternate Hospitals [iophk: Windows TCO]

    Memorial Health System operates three hospitals in Ohio and West Virginia, all of which have been affected by the attack. Since electronic health records were not accessible, patient safety was potentially put at risk, so the decision was taken to divert emergency patients.

  • Memorial Health System recovers from ransomware [iophk: Windows TCO]

    In a bulletin posted on its site, healthcare facility network Memorial Health System, based in West Virginia and Ohio, said it was beginning the process of recovery and restoration after being hit with a ransomware attack earlier in the week. The network reported on Sunday that it experienced an “information technology security incident” that caused it to suspend all online access across its 64 clinics, including hospitals Marietta Memorial, Selby General, and Sistersville General. Surgeries have been canceled, ambulances have been diverted, and clinic staff have had to work with paper charts. But on Wednesday, the network announced it had reached a “negotiated solution,” and that it is “beginning the process that will restore operations as quickly and as safely as possible.”

  • By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

    We had discovered over a thousand anonymously accessible lists across a few hundred portals that needed to be analyzed and potentially notified. Ideally, Microsoft would have been involved in doing so, but our attempt to pursue this option thus far had been unsuccessful – though Microsoft would later take action after we had notified some of the most severe exposures. We spent the next few weeks analysing the data for indicators of sensitivity and reaching out to affected organizations. The notification timelines and data classes for some of the most significant exposures are described below to give a sense of the prevalence and impact of this design decision.

  • Cybersecurity company flags Microsoft Power Apps data leak of 38M records

    The types of data included names, email addresses, personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, Social Security numbers for job applicants and employee IDs.

  • Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up [iophk: Windows TCO]

    Two separate CEOs of major insurance giants remarked in recent weeks about a considerable jump in cyber insurance premium prices: AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too.

    Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said.

  • Healthcare provider expected to lose $106.8 million following ransomware attack [iophk: Windows TCO]

    The bulk of the losses, representing $91.6 million, came from lost revenues during the four weeks the organization needed to recover from the May ransomware attack.

    Scripps also lost $21.1 million in costs associated with response and recovery. While the company said it recovered $5.9 million through its insurance policy, the healthcare provider said it expects to lose an estimated $106.8 million by the end of the year.

    The losses stemming from the ransomware attack do not include potential losses due to litigation.

  • The pandemic revealed the health risks of hospital ransomware attacks [iophk: Windows TCO]

    The findings, which are still unpublished, should help push back on any groups hesitant to say that cyberattacks are dangerous for patients, says Josh Corman, a senior adviser to CISA, the federal agency that advises on government and private sector cybersecurity issues. “We should stop pretending that there is no harm to human life from cyber attacks,” he says.

  • Microsoft Is Going to Make it Difficult for Chromebook Owners to Use Word Offline [Ed: Any excuses to hamper competition]

    About Chromebooks reminded me there is an Office Editing extension from Google that lets you download Word, Excel, and PowerPoint files to edit with Google Docs, Sheets, and Slides. It enables you to edit those files in Google Docs without the [Internet], and it stays dormant in the background until it senses an active connection, when it then uploads your changes. There are also open-source alternatives to opening and editing Office files, namely the Linux version of LibreOffice, a relatively easy install on the Chromebook if you’re not intimidated by Linux apps.

More in Tux Machines

Kernel: Paul E. McKenney and New Stuff in Linux

  • Paul E. McKenney: TL;DR: Memory-Model Recommendations for Rusting the Linux Kernel

    These recommendations assume that the initial Linux-kernel targets for Rust developers are device drivers that do not have unusual performance and scalability requirements, meaning that wrappering of small C-language functions is tolerable. (Please note that most device drivers fit into this category.) It also assumes that the main goal is to reduce memory-safety bugs, although other bugs might be addressed as well. Or, Murphy being Murphy, created as well. But that is a risk in all software development, not just Rust in the Linux kernel. Those interested in getting Rust into Linux-kernel device drivers sooner rather than later should look at the short-term recommendations, while those interested in extending Rust's (and, for that matter, C's) concurrency capabilities might be more interested in the long-term recommendations.

  • Verification Challenges

    You would like to do some formal verification of C code? Or you would like a challenge for your formal-verification tool? Either way, here you go!

  • Cluster Scheduler Support Queued Ahead Of Linux 5.16 - Phoronix

    Cluster scheduler support has been queued up for landing in the Linux 5.16 kernel for AArch64 and x86_64 systems for improving the CPU scheduler behavior for systems that have clusters of CPU cores. The cluster scheduler support in this context is about enhancing the Linux kernel's scheduler for systems where sets of CPU cores share an L2 cache or other mid-level caches/resources. This cluster scheduler work stems from work by HiSilicon and Huawei aiming to improve the Linux performance for the Kunpeng 920 server chip. That HiSilicon SoC has six or eight clusters per NUMA node with four CPU cores per cluster and a shared L3 cache. With the cluster scheduler patches they were able to enhance the overall performance of the system and also improve the efficiency.

  • AMD Finally Enabling PSR By Default For Newer Hardware With Linux 5.16 - Phoronix

    With it getting late into the Linux 5.15 kernel cycle, the focus is shifting by the Direct Rendering Driver maintainers from new feature work targeting the next cycle (5.16) to instead on bug fixes. AMD sent out a pull request of new AMDGPU Linux 5.16 material this week that is primarily delivering bug fixes but one notable addition is finally enabling PSR by default for newer GPUs.

  • Intel Compute-Runtime 21.41.21220 Ships Updated DG1 Support - Phoronix

    Intel's open-source engineers have shipped Compute-Runtime 21.41.21220 as the newest version of this Linux compute stack enabling OpenCL and Level Zero support with their graphics processors. Intel Compute-Runtime 21.41.21220 is the latest weekly update for this compute stack. New this week is updated DG1 platform support and Level Zero support for SPIR-V static module linking.

OpenSSH, Squid, PostgreSQL Update in Tumbleweed

Three openSUSE Tumbleweed snapshots released this week have brought updates for text editors, browsers, email clients, database management systems and many other pieces of software. Mozilla Firefox, Thunderbird, nano, and PostgreSQL were all in the latest 20211012 snapshot. A new major version of Firefox 93.0 added support for the optimised image format AVIF, which offers a significant file size reduction as opposed to other image formats. The browser also improved web compatibility for privacy protections and fixed more than a handful of Common Vulnerabilities and Exposures. Thunderbird 91.2.0 addressed many of the same CVEs, fixed some issues with the calendar and fixed the new mail notifications that did not properly take subfolders into account. The 5.9 version of text editor nano added syntax highlighting for YAML files and fetchmail 6.4.22 added a few patches, addressed a CVE related to IMAP connections and now highlights being compatible with OpenSSL 1.1.1 and 3.0.0. The new major version of postgresql 14 provided improvements for heavy workloads, enhanced distributed workloads and added a couple more predefined roles like pg_read_all_data, pg_write_all_data and pg_database_owner. Other packages to update in the snapshot were GNOME’s document viewer evince 41.2, Flatpak 1.12.1, graphics library gegl 0.4.32, glusterfs 9.3 and many RubyGems and YaST package updates.

Also: openSUSE Tumbleweed – Review of the weeks 2021/40 & 41

Games: Dystopian Army Builder, Hellraid DLC, and More

  • Uh oh, looks like Despot's Game: Dystopian Army Builder is going to suck all my time away | GamingOnLinux

    Despot's Game: Dystopian Army Builder is a brand new release from Konfa Games and tinybuild that sees you command a bunch of naked people and send them through a strange post-apocalyptic labyrinth. Note: personal purchase. Like Loop Hero, you have no direct control during combat; you just watch it play out and hope for the best. Here though you're running through some kind of maze-like dungeon full of strange machines, with multiple people you need to look after. They'll likely die a lot though, don't get too attached, you can buy more naked people. Eventually you might come across the nefarious d’Spot who runs the show and perhaps destroy them to earn your freedom. It blends together quite a few different genres and it feels totally unique. The structure is a bit like The Binding of Isaac with you going from room to room, it's also a strategy game with you buying people and equipping them with various weapons you buy from shops spread throughout the maze and then there's the fusion of auto battling so you can sit back and watch the mess unfold.

  • Techland continue expanding the Hellraid DLC as they try to improve reviews | GamingOnLinux

    When Techland released the Hellraid DLC in August 2020 inspired by their unreleased dark fantasy slasher Hellraid the reviews were not kind, as it was very basic but they've kept at it and another big update is out now.

  • Brawlhalla to get Easy Anti-Cheat, dev puts up Beta with EAC working on Linux with Proton | GamingOnLinux

    Blue Mammoth Games announced that later in October the platform-fighter Brawlhalla will be getting Easy Anti-Cheat. Thankfully, they've put up a Beta for Linux users playing it on Steam Play Proton and it works.

  • Apple is now funding Blender development joining many big names | GamingOnLinux

    There's apparently absolutely no stopping the Blender train, with the developer announcing that Apple has now joined their development fund.

  • Valve banning games that allow exchanging cryptocurrencies or NFTs | GamingOnLinux

    It seems Valve aren't a big fan of cryptocurrencies or NFTs as they've updated their onboarding guide with a new point about disallowing games that allow you to exchange them. Under the Rules and Guidelines heading where it mentions "What you shouldn’t publish on Steam" there's a new line that states "Applications built on blockchain technology that issue or allow exchange of cryptocurrencies or NFTs".

  • Check out this crowdfunding campaign to learn Godot Engine from GDQuest | GamingOnLinux

    GDQuest, a well-known name in the free and open source Godot Engine land has launched a new crowdfunding campaign aiming to get you to go from zero to hero with Godot programming. A course aimed at anyone and everyone who fancies getting into making games with Godot. The founder of GDQuest, Nathan Lovato, emailed in a little info about it: "Learn to Code From Zero is a course for everyone who wants to learn development. With it, you will learn programming from the very basics to creating a complete video game inspired by the hectic action game Enter the Gungeon. Game development courses typically consist of hours of step-by-step tutorials. They feel nice while you follow along, but as soon as you're left alone, working on your game, you get stuck.

LibreOffice Leftovers

  • Michael Meeks/2021-10-15 Friday

    After Italo's keynote announcement of the new LibreOffice Technology marketing plan at the LibreOffice conference, we lost no time integrating this great way to fairly present the goodness of LibreOffice that we depend on to build Collabora Online & Collabora Office mobile into the product. With new links that can take you to our LibreOffice Technology page where we can celebrate the community & credit all the hard work done under the hood here, and of course the logo. Still a work-in-progress, and will start to appear in our products over the next weeks as/when we refresh them, but so far it looks like this for desktop & mobile [...] Thanks to Italo & Mike at TDF for developing the concept, and also to Pedro & Elisa, for their work on the code & logos - we'll be iterating it with them over the next days & weeks.

  • Let's do awesome things! Get support for your projects and ideas from our budget - The Document Foundation Blog

    Want to organise a local (or online) LibreOffice event? Need some merchandise to boost your project or community? Then we can help you! The Document Foundation, the non-profit behind LibreOffice, is backed by contributions from ecosystem members and volunteers, as well as donations from end-users. This helps us to maintain TDF, but we can do a lot more too. And next year, we want to do a lot of projects again!

  • Next batch of videos from the LibreOffice Conference 2021 - The Document Foundation Blog

    Here are some more videos from the LibreOffice Conference 2021! Check out the playlist, using the button in the top-right – or scroll down for links to individual videos...

  • Automated bibisect to find source of a bug - LibreOffice Development Blog

    In programming, we usually face bugs that we should fix to maintain or improve our software. In order to fix a bug, first we should find the source of the problem, and tools like “Automated bibisect” are available to help, especially when the bug is a regression.