Tux Machines
Security Leftovers
Posted by Roy Schestowitz on Aug 08, 2024
SANS ☛ A Survey of Scans for GeoServer Vulnerabilities, (Tue, Aug 6th)
It makes it easy to share geospatial data in various common standard formats.
Federal News Network ☛ How risk prioritization and automation can shape the future of federal cybersecurity
Federal agencies face a formidable challenge in navigating the deluge of emerging vulnerabilities while managing the remediation of existing ones.
Security Week ☛ Samsung Bug Bounty Program Payouts Reach $5M, Top Reward Increased to $1M
Samsung has paid out nearly $5 million through its bug bounty program since 2017 and the tech giant announced that the top reward has increased to $1 million.
OpenSSF (Linux Foundation) ☛ OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF
In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well as the OECD Global Forum on Digital Security for Prosperity (GFDSP) in Seoul, South Korea.
Security Week ☛ Thousands of Devices Wiped Remotely Following Mobile Guardian Hack
Hackers targeted MDM firm Mobile Guardian and remotely wiped thousands of devices, but there is no evidence of data compromise.
New York Times ☛ Microsoft Says Delta Was Largely Responsible for Flight Cancellations Amid Tech Outage [Ed: Parroting Microsoft, not studying facts]
The software company said in a letter that Delta Air Lines had falsely blamed Abusive Monopolist Microsoft for its decision to cancel thousands of flights after a tech outage.
SJVN ☛ Endor Labs makes open-source software security patches easier [Ed: Spammy? Ad?]
We must often upgrade software versions to fix critical vulnerabilities in OSS. However, such upgrades can be challenging and risk causing breaking existing applications. Fear of this and the complexity of determining what effect a patch will have on programs can deter administrators from implementing necessary upgrades. That's a mistake.