Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Feb 27, 2023


Josh Bressers: Episode 364 – Using SBOMs is hard

=> ↺ Josh Bressers: Episode 364 – Using SBOMs is hard

Josh and Kurt talk about SBOMs. Quite a bit has happened in the world of SBOMs in the last year or so. There are going to be different types of SBOMs, like build, source, or runtime. Each will tell us different things depending on what we need to know. We also cover some of the community efforts happening around SBOMs. They’re still not easy to use, but it’s better.

=> ↺ Josh | ↺ Kurt


Ex-ASML Employee Accused of Data Theft Is Being Probed for Ties to China

=> ↺ Ex-ASML Employee Accused of Data Theft Is Being Probed for Ties to China

Investigators are looking at potential ties between the Chinese government and an ex-employee accused of stealing data from ASML Holding NV — a company critical to producing the world’s most advanced computer chips.

Support for Istio 1.15 ends on March 28th, 2023

=> ↺ Support for Istio 1.15 ends on March 28th, 2023

According to Istio's support policy, minor releases like 1.15 are supported until six weeks after the N+2 minor release (1.17 in this case). Istio 1.17 was released on February 14th, and support for 1.15 will end on March 28th, 2023.

=> ↺ support policy | ↺ Istio 1.17 was released on February 14th

At that point we will stop back-porting fixes for security issues and critical bugs to 1.15, so we encourage you to upgrade to the latest version of Istio (1.17.1). If you don't do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.
We care about you and your clusters, so please be kind to yourself and upgrade.


When Low-Tech Hacks Cause High-Impact Breaches

=> ↺ When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.
