Security Leftovers
-
OpenSSF (Linux Foundation) ☛ Introducing gittuf: A Security Layer for Git Repositories
We’re pleased to announce that gittuf, a security layer for Git repositories, has joined the OpenSSF as a sandbox project. The project is housed under the Supply Chain Integrity Working Group.
-
Security Week ☛ Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations
Exposed credentials for an email address at an Indian Toyota insurance broker led to customer information compromise.
-
Silicon Angle ☛ Have I Been Pwned adds 71M compromised credentials from the ‘Naz.API’ data set
Data breach indexing site Have I Been Pwned has just added a new data set of almost 71 million stolen user credentials from the “Naz.API” data set that includes 25 million previously unknown leaks.
-
Security Week ☛ List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old
Naz.API credential stuffing list containing 70 million unique email addresses and old passwords found on hacking forum.
-
Security Week ☛ Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks
Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched.
-
TechRepublic ☛ Attackers Could Eavesdrop on Hey Hi (AI) Conversations on Apple, AMD, Imagination and Qualcomm GPUs
Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.
-
Federal News Network ☛ Is the Cyber Safety Review Board working? Lawmakers consider tweaks to CSRB
The CSRB is modeled after the National Transportation Safety Board, but some experts say the cyber board needs more independence and transparency.
-
Cado Security Labs Identifies Campaign to Compromise Docker Hosts
Cado Security identified an ongoing effort to abuse Docker containers using a 9hits service to create fraudulent web traffic.
-
Security in Container Orchestration
As containers become popular in cloud-native software development, ensuring their security is the highest priority.
-
Windows TCO
-
Security Week ☛ Ransomware Group Targets Foxconn Subsidiary Foxsemicon
Foxsemicon’s website defaced with a message from the LockBit ransomware group, which claims to have stolen 5 Tb of data.
-
Security Week ☛ Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack
Kansas Courts needs funding to cover the costs of bringing computer systems back online, pay vendors, improve cybersecurity and hire three additional cybersecurity officials.
-