Following the recent publicity around Linux vulnerabilities, here is an announcement from The Linux Foundation of $10m of donations to its Open Source Security Foundation (OpenSSF). Among the donors are Microsoft and Google.
Linux Foundation announces $10 million cross-industry investment in Open Source Security Foundation (scmagazine.com)
Log4j exploits and behind the scenes with the Apache patching team
Here is an interesting article from the team at Apache dealing with patching the Log4j problem:
The Apache Log4j team talks about the Log4Shell patching process – The Record by Recorded Future
But the exploits in the wild are still happening:
Threat actor target Ubiquiti network appliances using Log4Shell exploits …
“Patch Now” advised – more on the Linux vulnerabilities
TechRepublic has another article on Linux vulnerabilities that need to be addressed:
Patch now: A newly discovered critical Linux vulnerability probably affects your systems | TechRepublic
Linux servers – so you think this is not your problem? – Smart Thinking Solutions
Twelve-Year-Old Linux Vulnerability Discovered and Patched – Schneier on …
Making a business from bug bounty – controversial?
Zerodium has announced it will buy bugs in popular email clients from researchers – for white-hat purposes, although their actions are controversial.
Zerodium looks to buy zero-days in Outlook and Thunderbird email clients – The Record by Recorded Future
Bug programmes are a key step in our cyber-security
I have previously written about bug bounty programmes – where software vendors will pay white-hat hackers for information about flaws in their software – so security steps, updates and patches can be released before the black-hat hackers can exploit them in the wild.
A little light holiday reading! – Smart …