Securing Open Source
Sisense Hacked: CISA Warns Customers at Risk
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?
Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities ...
Chrome’s Incognito Mode Isn’t as Private as You Think — but Google’s Not Sorry
Short term gain for long term pain? Class action attorney David Boies asked for $5,000 per user, but got nothing—except some assurances Google will delete data it no longer needs ...
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
China Steals Defense Secrets ‘on Industrial Scale’
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
EPA and White House Raise Alarm on Water Cybersecurity
Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.” ...
Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date
Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
CNCF Graduates Falco Project to Improve Linux Security
The Cloud Native Computing Foundation (CNCF) announced today that Falco, an open source tool for defining security rules in Linux environments, has officially graduated ...
