Tux Machines

Security: Patches, FUD, and Trojan Horses

Posted by Roy Schestowitz on Aug 22, 2022

=> 8 open source projects taking collaboration to the next level | today's howtos

Security updates for Monday [LWN.net]

=> ↺ Security updates for Monday [LWN.net]

Security updates have been issued by Debian (jetty9 and kicad), Fedora (community-mysql and trafficserver), Gentoo (chromium, gettext, tomcat, and vim), Mageia (apache-mod_wsgi, libitrpc, libxml2, teeworlds, wavpack, and webkit2), Red Hat (podman), Slackware (vim), SUSE (java-1_8_0-openjdk, nodejs10, open-iscsi, rsync, and trivy), and Ubuntu (exim4).

Getting started with Red Hat Insights malware detection [Ed: Red Hat pushing proprietary IBM garbage by pushing FUD about "malware" on Linux. There used to be this not-so-joke about anti-virus companies producing and spreading viruses just to sell their products.]

=> ↺ Getting started with Red Hat Insights malware detection

The beta of Red Hat Insights malware detection service is now available. The malware detection service is a monitoring and assessment tool that scans Red Hat Enterprise Linux (RHEL) systems for the presence of malware, utilizing over 175 signatures of known Linux malware provided in partnership with the IBM X-Force Threat Intelligence team

CISA Adds One Known Exploited Vulnerabilities to Catalog | CISA

=> ↺ CISA Adds One Known Exploited Vulnerabilities to Catalog | CISA

CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

Don’t leave open source open to vulnerabilities [Ed: 'Linux' Foundation goes out of its way to help its sponsored/owners (like Microsoft) badmouth "Open Source" and legitimise the FUD by distracting from proprietary back doors]

=> ↺ Don’t leave open source open to vulnerabilities

“Recently, the open-source ecosystem has been under siege,” said David Wheeler, director of open-source supply chain security at the Linux Foundation.

Black Hat USA 2022 & DEF CON 30: Highlights, Key Findings & Notable...

=> ↺ Black Hat USA 2022 & DEF CON 30: Highlights, Key Findings & Notable...

This year, Black Hat and DEF CON events marked a return to a time before the pandemic. However, in many ways, it represents the effort that has been made despite these substantial challenges to innovate and grow within security. It has made us more willing to trust our abilities and also not to forget the details, especially when it comes to the software we use every day.

Microsoft Defender for Endpoint Boosts Security on Mac and Linux [Ed: More like putting a back door, not enhancing security. Microsoft works for NSA and makes things intentionally vulnerable. When Microsoft calls something security and keeps it entirely proprietary ask them what they're trying to hide. There's not even an audit.]

=> ↺ Microsoft Defender for Endpoint Boosts Security on Mac and Linux

=> gemini.tuxmachines.org