http://www.zdnet.com/article/why-you-must-patch-the-new-linux-sudo-security-hole/ Ironically, only the most secure Linux server setups are vulnerable to this newly discovered hole. If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don’t bother because SELinux can be difficult to set up. This makes the newly discovered Linux security hole — with the sudo command that only hits →
https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook What’s needed is an independent method of identifying IMSI catchers in the wild. That’s what University of Washington researchers Peter Ney and Ian Smith have attempted to create with SeaGlass. “Up until now the use of IMSI-catchers around the world has been shrouded in mystery, and this lack of concrete information is a barrier to →
https://opensource.com/article/17/5/secure-open-source-devops?sc_cid=7016000000127ECAAY The key to secure app development is to “shift left”—move security testing away from late-stage production and back towards design and development. →
https://hbr.org/2017/06/11-things-the-health-care-sector-must-do-to-improve-cybersecurity No industry or sector is immune to hacking. That reality was made painfully clear in mid-May, when a cyberattacker using WannaCry ransomware crippled health care institutions and many other kinds of organizations around the world. In 2015 over 113 million Americans health records were exposed, and in 2016 the number was over 16 million. Experian predicted that the →
I visited today NOHAU seminar on industrial IoT and security related to it. The seminar content was in mixed Finnish and English language: Seminaari: Varaudu kyberhyökkäyksiin – Miten liität sulautetun laitteen turvallisesti internettiin? http://nohau.fi/events/hyodynna-ja-hallitse-teollinen-internet/ Ohjelma: 8.30 Aamupala ja rekisteröinti (breakfast and registration) 8:45 Tervetuloa – Nohau (wellcome) 9:00 Teollisen internetin businessmahdollisuudet, Jukka Nurmi, Director, IoT →
https://fossbytes.com/tor-anonymity-things-not-using-tor/ Being Anonymous online is the need of the hour, and TOR browser does that job quite efficiently and honestly. But there are some things that you need to keep in mind so that you don’t blow your anonymity cover while using the TOR network. →
https://pentestmag.com/write-secure-code-cc-programming-languages/ Secure coding in C/C++ programming languages is a big deal. The two languages, which are commonly used in a multitude of applications and operating systems, are popular, flexible, and versatile – and often vulnerable to exploitation. Sometimes the solution is to code using a safer language like Java. However, this is not always the →
http://www.theregister.co.uk/2017/05/23/enisa_proposes_internet_of_things_security_standards/ European network and infosec agency ENISA has taken a look at Internet of Things security, and doesn’t much like what it sees. So it’s mulling a vendor’s nightmare that the US and UK dared not approach: security regulation – at least the minimal regulation of testing and certification. IoT security needs bottom-to-top baseline requirements, →
https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html Ransomware isn’t new, but it’s increasingly popular and profitable. The lessons for users are obvious: Keep your system patches up to date and regularly backup your data. This isn’t just good advice to defend against ransomware, but good advice in general. But it’s becoming obsolete. Needed solutions aren’t easy and they’re not pretty. The →
http://www.zdnet.com/article/its-not-just-windows-anymore-samba-has-a-major-smb-bug/ The other week, Microsoft got its security teeth kicked in when an old SMB security hole was exploited by the WannaCry ransomware attack. This week, it’s the turn of Samba, the popular open-source SMB server. Like the WannaCry security hole, the good news is the Samba file-sharing bug has already been fixed. The bad news is you →