Date: 2022-06-09
Security Leftovers
CISA Adds Eight Known Exploited Vulnerabilities to Catalog [Ed: 5 out of 8 of these are Apple!]
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
ShiftLeft finds a 97% reduction in open source software vulnerabilities | SC Media
ShiftLeft on Thursday released some rare positive news on the AppSec front by reporting that based on millions of scans on its customers, they found a 97% reduction in open source software (OSS) vulnerabilities.
The researchers said by identifying and prioritizing OSS vulnerabilities that are actually attackable, AppSec teams and developers can now fix what matters, ship code faster, and improve security with fewer, better fixes.
In other significant findings, ShiftLeft’s report said by focusing on attackability and reduced false positives, developers can make fixes faster and reduce mean-time-to-remediate (MTTR). ShiftLeft reported a 37% year-over-year reduction in MTTR, which they say improves overall security posture and reduces the likelihood of attacks by reducing the time that vulnerabilities are exposed.
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim).
What is Cloud Security – Definition, Importance, Benefits [Ed: Paradox as "clown computing" means outsourcing, so you've lost control of the systems; it's a data breach]
Adopting cloud computing services has helped many enterprises reduce costs, accelerate deployments, and develop at a larger scale. Today many businesses use cloud services as an alternative to traditional practices.
