Corrupted open-source software enters the Russian battlefield

https://ift.tt/FwnBsK3 It started as an innocent protest. RIAEvangelist (Brandon Nozaki Miller), a maintainer on npm, JavaScript’s package manager, wrote and published an open-source npm package called peacenotwar. It did little except add a protest message against Russia’s invasion of Ukraine. But then, it took a darker turn: It began […]

Microsoft Security Compliance Toolkit 1.0 (contains also Windows Policy Analyzer)

https://ift.tt/Iqjh9GJ Microsoft has released the Microsoft Security Compliance Toolkit 1.0 in Nov. 2021. This week I was asked if the Windows Policy Analyzer – a utility for analyzing and comparing Group Policy Objects (GPOs) – which has been available since 2016, is now being phased […]

Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed

https://ift.tt/EQZ8DpP Microsoft has released 71 security fixes for software, including 41 patches for Microsoft Windows vulnerabilities, five vulnerabilities in Microsoft Office and two in Microsoft Exchange. Three of the vulnerabilities are rated critical — CVE-2022-22006, CVE-2022-24501 and CVE-2022-23277 — while the rest are rated important. In the […]

Open Source Alternatives to Popular SaaS Products

https://ift.tt/Cb7Q8zp
API Platform | Hoppscotch | API development ecosystem | Postman
Auth & SSO | Cerbos | Granular access control | Okta, Auth0
Auth & SSO | Keycloak | User authentication and session management framework | Okta, Auth0
Auth & SSO | OPAL (Permit.io) | Authorization administration framework (Open Policy) | Okta, Auth0
Auth & SSO | Ory | Identity platform | Okta, […]

Ukrainian gov’t sites disrupted by DDoS, wiper malware discovered

https://ift.tt/TEv3OVW Ukraine’s State Service of Special Communications and Information Protection said a number of government websites and banks are dealing with a “massive DDoS attack” as the country prepares for a potential invasion by Russian-backed forces. The websites for the Ministry of Foreign Affairs, Ministry […]

CISA publishes guide with free cybersecurity tools, resources for incident response

https://ift.tt/OHRhjqB CISA has published a guide containing free cybersecurity resources and services that may be valuable in incident response. The US Cybersecurity and Infrastructure Security Agency (CISA) is responsible for monitoring, managing, and reducing risk to the country’s critical infrastructure. The federal agency is […]

Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud

https://ift.tt/PB3DnEA The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking. On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against […]