Security: Windows, 'DevSecOps', SSH, Bash and More
-
Electronic Health Records at 26 Hospitals Hit by Two-Hour Outage [iophk: "Windows TCO"]
Universal, which manages more than 350 health-care facilities in the U.S. and U.K., declined to specify the technical issues or say how many patient records were affected. The problem lasted for less than two hours and the affected hospitals have returned to normal operations, said Eric Goodwin, chief information officer of the King of Prussia, Pennsylvania-based company.
-
DevSecOps: 4 key considerations for beginners
Security used to be the responsibility of a dedicated team in the last development stage, but with development cycles increasing in number and speed, security practices need to be constantly updated.
This has led to the rise of DevSecOps, which emphasizes security within DevOps. Companies need DevSecOps to make sure their initiatives run safely and securely. Without DevSecOps, DevOps teams need to rebuild and update all their systems when a vulnerability is found, wasting time and effort.
-
OpenSSH to Keep Private Keys Encrypted at Rest in RAM
A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.
OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.
-
OpenSSH adds protection against Spectre, Meltdown, Rowhammer and RAMBleed attacks
-
GNU Bash Unsupported Characters Heap-Based Buffer Overflow Vulnerability [CVE-2012-6711]
A vulnerability in the lib/sh/strtrans.c:anicstr function of GNU Bash could allow an authenticated, local attacker to execute code on a targeted system.The vulnerability is due buffer errors within the lib/sh/strtrans.c:anicstr function of the affected software. An attacker could exploit this vulnerability by providing print data through the echo built-in function. A successful exploit could allow the attacker to execute code on the targeted system.GNU Bash has confirmed this vulnerability and released a software patch.
-
Daily News Roundup: Malware in Your Pirated Software
Researchers at ESET and Malwarebytes have discovered crypto mining malware hidden in pirated music production software.
-
A Method for Establishing Liability for Data Breaches
Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers. If history is any guide, not much will happen and companies holding sensitive personal information on individuals will have little incentive to improve their cybersecurity postures. Congress needs to act to provide such incentives.
The story is all too familiar, as news reports of data breaches involving the release of personal information for tens of millions of, or even a hundred million, Americans have become routine. A company (or a government agency) pays insufficient attention to cybersecurity matters despite warnings that the cybersecurity measures it takes are inadequate and therefore fails to prevent a breach that could be remediated by proper attention to such warnings. In the aftermath of such incidents, errant companies are required by law to report breaches to the individuals whose personal information has been potentially compromised. Frequently, these companies also offer free credit monitoring services to affected individuals for a year or two.
- Login or register to post comments
- Printer-friendly version
- 4714 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago