Tux Machines
Integrity, TCO, and Security Issues
Posted by Roy Schestowitz on Dec 18, 2023
Security
OpenSSF (Linux Foundation) ☛ OpenSSF Expands Support for Hey Hi (AI) Cyber Challenge (AIxCC)
In August 2023, OpenSSF announced our partnership with DARPA, to support the Hey Hi (AI) Cyber Challenge (AIxCC). We set up a generative Hey Hi (AI) and autonomy for cybersecurity (GaiaCS) project to support our partnership activities and today, we are excited to announce that OpenSSF has brought on board Will Pearce and Nick Landers to support GaiaCS and AIxCC.
Seth Michael Larson ☛ 2023-12-14 [Older] Python listed as memory-safe language in latest CISA recommendations
Bleeping Computer ☛ MongoDB says customer data was exposed in a cyberattack
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
In emails sent to MongoDB customers from CISO Lena Smart, the company says they detected their systems were hacked on Wednesday evening (December 13th) and started investigating the incident.
Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
Gray Dot Media Group ☛ New ‘NKAbuse’ Linux Malware Uses Blockchain Technology to Spread [Ed: The issue here is an Apache program, not "Linux".]
Cybersecurity researchers from Kaspersky’s Global Emergency Response Team (GERT) have identified that the NKAbuse malware is actively targeting devices in Colombia, Mexico, and Vietnam.
Kaspersky’s Global Emergency Response Team (GERT) has discovered a new multiplatform malware threat that uses innovative tactics to hijack victims. The malware, dubbed NKAbuse, uses New Kind of Network (NKN) technology, a blockchain-powered peer-to-peer network protocol to spread its infection.
CISA
CISA ☛ 2023-12-13 [Older] CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793
CISA ☛ 2023-12-14 [Older] CISA Releases Seventeen Industrial Control Systems Advisories
CISA ☛ 2023-12-14 [Older] FortiGuard Releases Security Updates for Multiple Products
CISA ☛ 2023-12-12 [Older] Adobe Releases Security Updates for Multiple Products
CISA ☛ 2023-12-12 [Older] Apple Releases Security Updates for Multiple Products
CISA ☛ 2023-12-12 [Older] Microsoft Releases Security Updates for Multiple Products
CISA ☛ 2023-12-14 [Older] Johnson Controls Kantech Gen1 ioSmart
CISA ☛ 2023-12-14 [Older] Siemens User Management Component (UMC)
CISA ☛ 2023-12-14 [Older] Siemens SIMATIC and SIPLUS Products
CISA ☛ 2023-12-14 [Older] Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC
CISA ☛ 2023-12-14 [Older] Siemens Web Server of Industrial Products
CISA ☛ 2023-12-14 [Older] Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
CISA ☛ 2023-12-14 [Older] Siemens SINUMERIK
CISA ☛ 2023-12-14 [Older] Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
CISA ☛ 2023-12-14 [Older] Siemens RUGGEDCOM and SCALANCE M-800/S615 Family
CISA ☛ 2023-12-14 [Older] Siemens SINEC INS
CISA ☛ 2023-12-12 [Older] The Apache Software Foundation Updates Struts 2
CISA ☛ 2023-12-12 [Older] CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment
CISA ☛ 2023-12-12 [Older] CISA Releases Two Industrial Control Systems Advisories
CISA ☛ 2023-12-12 [Older] Schneider Electric Easy UPS Online Monitoring Software
CISA ☛ 2023-12-11 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
Windows TCO
RIPE ☛ 2023-12-11 [Older] Security Control Changes Due to TLS Encrypted ClientHello