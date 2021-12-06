Language Selection

English French German Italian Portuguese Spanish

Proprietary Software Leftovers

Submitted by Roy Schestowitz on Thursday 24th of March 2022 11:13:42 AM Filed under
Misc

  • FBI 'concerned' about possible Russian cyberattacks on critical infrastructure [iophk: Windows TCO]

    FBI Director Christopher Wray on Tuesday warned the private sector to prepare for potential cyberattacks, saying U.S. agents were "particularly focused on the destructive cyber threat" from Russian agents.

    The FBI director spoke just a day after The White House warned companies to bolster defenses and prepare for potential cyberattacks while the Russian invasion of Ukraine intensifies as it approaches a month since forces entered the country.

    Speaking at the Detroit Economic Forum, Wray mentioned the attack on Colonial Pipelines last year, which shut down one of the largest pipelines on the East Coast for five days. A criminal group based in Russia was responsible for the cyberattack.

  • Ransomware incidents in US much higher than number reported: claim [iophk: Windows TCO]

    The FBI has ranked ransomware outside the top six online threats to Americans in terms of cost in a 2021 report, but a ransomware researcher claims this is misleading as most ransomware attacks are not reported.

  • Adelstein Departing WIA, Ransomware Still ‘Ongoing Threat,’ USCellular New Board Nominees [iophk: Windows TCO]

    Almost 80 percent of state and local information technology leaders say ransomware is an “ongoing threat,” but more than half of that 80 percent do not have a ransomware incident response plan, according to a national survey from Palo Alto Networks released Tuesday.

    The survey also found that only 31 percent know that they have a completed incident response plan.

  • A Closer Look at the LAPSUS$ Data Extortion Group

    Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.

  • Microsoft confirms breach by Lapsus$ [cracker] group

    Microsoft said in the post that Lapsus$, also known as DEV-0537, had breached one account, resulting in “limited access” but not to the data of any of the tech giant’s customers.

  • A teen is reportedly the mastermind behind the Lapsus$ [cracking] group

    The teenager is apparently based about five miles outside of Oxford University, and Bloomberg says it was able to speak to his mother for ten minutes through a “doorbell intercom system” at the home. The teenager’s mother told the publication she did not know of allegations against him. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” Bloomberg said.

    Lapsus$ apparently doesn’t just consist of the England-based teenager, though. Bloomberg reports that one suspected member is another teenager in Brazil and that seven unique accounts have been linked with the group. One of the members is apparently such a capable [cracker] that researchers thought the work was automated, one person involved in research about the group told Bloomberg.

  • Reports: Okta and Microsoft breached by LAPSUS$ [cracking] group

    Data breaches affecting the tech industry’s largest companies are fairly rare. Major tech firms make significant investments in cybersecurity: Microsoft, for example, spends about $1 billion every year on protecting its network from [crackers]. The recent data breaches targeting tech giants could lead the industry’s major players, as well as smaller companies such as startups, to further expand their cybersecurity operations.

  • Microsoft accepts cybercriminal group Lapsus$ [acquired] its data

    Microsoft has confirmed that the [cracking] group Lapsus$ had gained "limited access" to the US tech giant's data. Microsoft accepted the event of [cracking] in a security blog post by the company. The American tech giant has stated that the [cracking] group infiltrated "a single account." However, Microsoft assured that no customer code or data was compromised in this cyberattack.

  • Okta knew about breach in January, kept mum until Lapsus$ post

    Identity services provider Okta took two months to reveal a breach at a third-party provider and waited until the data that leaked out was exposed by a group of attackers known as Lapsus$.

  • Cobalt Strike: Overview – Part 7

    This is an overview of a series of 6 blog posts we dedicated to the analysis and decryption of Cobalt Strike traffic. We include videos for different analysis methods.

  • F-Secure announces name of corporate business ahead of company split

    F-Secure Corp. today revealed its new brand for its corporate security business ahead of a move to split its business into two companies later this year.

    The new company will be known as WithSecure. The name was picked to reinforce the belief that facing cybersecurity challenges together produces far better results than trying to protect anything alone and was created in collaboration with F-Secure employees, reseller partners and clients.

  • Ex-Gov. Rick Snyder, 4 others charged in Flint water crisis must testify

    Snyder and the government officials will therefore have to testify in a civil trial brought by four children from Flint against two engineering companies involved in the water crisis. Attorneys for the officials had argued that the Fifth Amendment entitles them to blanket immunity from any questions during the civil trial.

  • White House Urges Companies To Protect Data From Russian Hacks With Encryption; While Congress Looks To Effectively Outlaw Encryption

    Earlier this week, the Biden administration urged companies to protect against potential cyberattacks from Russia, which seems like pretty good advice....

»

More in Tux Machines

Best Linux Distributions for Scientists and IT Professionals

In the world of Linux distributions, there are categories that have served their purpose to the benefit of everyone in the open-source community. One of the bigger advantages when it comes to using Linux is the ability to choose. In this case, a designated category of distributions for Science. Some people may think that Linux is just a distribution of a single operating system. In reality, it’s a plethora of distributions all working together in harmony. Distributions as we all know, are variations in terms of flavor that are mostly using a generic base in the form of Ubuntu, Debian, or Arch with distinctions in their varying user interface and experience. The problem is that the major distributions are not sufficiently clear on what they are actually delivering. Just to name one popular distro, Linux Mint is a good example that is not very easy to choose for the specialists despite its bells and whistles. Distributions that target the related keyword will enjoy the most benefit and in such a case, we’re introducing the best Linux distributions for the science crowd/nerds out there. Read more

Linux Training Model: What A Linux Course Should Look Like

Whether you’re an independent developer trying to design a course and sell it or need to make material to introduce employees to using Linux, the first step in making a model is understanding what it should comprise. Training models are of different types, and there’s a lot of flexibility in how you can approach teaching the material. However, it is important for any training model to solve a specific problem for the learners and present the material in the simplest manner possible. To learn more about how to build training modules, check out this guide. Read more

IBM/Red Hat Leftovers

  • IT leadership: 3 reasons emotional intelligence is vital

    As the effects of the pandemic continue to impact peoples' lives, IT leaders’ ability to identify, manage, and understand emotions in themselves and in others has never been more important. We need to connect with our people in new, more personal ways to help them cope with stresses many have never encountered before. This requires a heavy dose of emotional intelligence. This term, also known as emotional quotient, or EQ, is defined in a few ways. But generally speaking, an emotionally intelligent person has the ability to identify their emotions, apply them to problem-solving situations, and manage them positively.

  • Hybrid and remote work: 3 new leadership rules

    In 2020, most companies empowered their employees to work from their homes, ushering in an era of remote work. While this work model has been met with challenges, it has also become a welcome shift for workers looking for flexibility and a new way to manage work/life balance.

  • A guide to implementing DevSecOps

    DevSecOps adoption offers your enterprise improved security, compliance, and even competitive advantages as it faces new threat vectors, a new world of work, and demanding customers. It's only a matter of time before DevSecOps subsumes DevOps because it offers the same core practices but adds a security focus to each phase of the development lifecycle.

  • Making the case for openness as the engine of human progress

    It's an ambitious manifesto, reaching for global scale, arguing that the future progress of the whole world now depends, existentially, on nations' and societies' embrace of open practices. The call is also particularly timely: 1990s-era optimism about burgeoning openness in Western societies is today ceding to a more pessimistic reality. Recent commentators seem to echo George Will, who said September 11, 2001 marked "the end of our holiday from history."

  • Red Hat Developer roundup: Best of March 2022 | Red Hat Developer

    Welcome to our monthly recap of the articles we published in March 2022! This month, Red Hat Developer readers flocked to articles to help them write code on the platforms they trust. You can learn more about modular Perl in Red Hat Enterprise 8, get into the details of testing and code coverage in the Node.js reference architecture, or dive deeper into Quarkus in the latest installment of our Quarkus from the ground up series.

FOSSForce on Events

  • Free & Online: Open Source 101 on Tuesday (In-Person Meetup in April)

    If there’s one thing that Todd Lewis and the crew at All Things Open do better than present online open source events, it’s staging events that are live and in-person. With the latest omicron surge appearing to be rapidly receding, ATO was able to announce on Tuesday that live open source events will be returning to Raleigh — a city I like to call Silicon Valley East — on April 19.

    But first there’s a big one-day event coming up on Tuesday March 29 to rock your at-home world.

  • Fedora Plans to Party for 36 Like It’s 2022!

    If you’re a Fedora user, you might want to mark your calendar for May 12-14. It seems that the distro is planning a party for the release of Fedora 36.

    It wasn’t that long ago that Fedora was considered to be primarily a developers’ distro (“a distro designed by developers for developers,” I often heard), meaning it was popular among those who spent spent their days at the command line building software (therefore knowing “how radio works,” as Firesign Theater might say), but was a bit difficult for mere mortals who only wanted to do simple things such as rocket science (because computer science certainly ain’t that).

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6