A tiny metadata error turned a routine Windows update into a security headache—delaying critical patches and leaving systems exposed. What went wrong, and how are IT pros fixing it? Check out the details.
#windowsupdate
#metadataerrors
#cybersecurity
#securityvulnerabilities
#itmanagement
Docker launches #DockerHardenedImages (DHI) – a security-focused set of base images designed to cut vulnerabilities by up to 95%.
Using a #distroless approach, DHI removes unnecessary components, supports automatic patching, and remains compatible with existing Dockerfiles.
More on #InfoQ: https://bit.ly/4nfy3TB
4chan Restored After Hackers Exploited Years of Neglected Tech Debt
#CyberSecurity #4chan #DataBreach #Hacked #Outage #TechDebt #Ghostscript #Moderator #Privacy #InfoSec #SoyjakParty #SecurityVulnerabilities
#Cybercrimeinfo #Newsletter361 provides updates on #cyberthreats, #securityvulnerabilities in #VMware and #WordPress, #ransomware trends, #policeactions, #cryptomoneylaundering, and #darkweb dangers.
The hidden threat: Tackling malware in your software supply chain – Source: securityboulevard.com https://ciso2ciso.com/the-hidden-threat-tackling-malware-in-your-software-supply-chain-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #securityvulnerabilities #opensourcemanagement #softwaresupplychain #CyberSecurityNews #SecurityBoulevard #vulnerabilities #Malware
https://www.wacoca.com/news/2431316/ Appleの最新世代CPUに新たなサイドチャネル脆弱性が影響 – InfoQ ##デベロップメント #Apple #AppleCpuSideChannelSlapFlop #DevOps #Science&Technology #ScienceNews #SecurityVulnerabilities #TechnologyNews #セキュリティ #テクノロジー #科学 #科学&テクノロジー
DepsHub: The Ultimate Toolkit for Streamlined Dependency Management
In a world where software dependencies can quickly spiral out of control, DepsHub emerges as a beacon of clarity. This innovative toolkit not only lints and scans for potential issues but also intelli...
https://news.lavx.hu/article/depshub-the-ultimate-toolkit-for-streamlined-dependency-management
ASUS Routers Vulnerabilities Allows Arbitrary Code Execution https://cybersecuritynews.com/asus-router-vulnerabilities/ #SecurityVulnerabilities #NetworkSecurityNews #CyberSecurityNews #cybersecuritynews #FirmwareUpdates #Networksecurity
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access https://cybersecuritynews.com/azure-airflow-security-flaw/ #InformationSecurityNews #SecurityVulnerabilities #CyberSecurityNews #VulnerabilityNews #AzureDataFactory #ApacheAirflow #vulnerability #cloud
HPE Issues Urgent Patches for Critical Vulnerabilities in Aruba Networking Access Points https://thecyberexpress.com/hpe-security-patches-cve-2024-42509/ #ArubaNetworkingAccessPoint #SecurityVulnerabilities #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202442509 #CVE202447460 #CyberNews #AOS10 #AOS8
Germany Drafts Law to Shield Ethical Hackers, Tighten Penalties for Cybercrime https://thecyberexpress.com/germany-drafts-law-to-shield-ethical-hackers/ #FederalMinistryofJusticeinGermany #cybersecurityprofessionals #SecurityVulnerabilities #computercriminallaw #securityresearchers #TheCyberExpressNews #VulnerabilityNews #MinistryofJustice #Vulnerabilities #TheCyberExpress #cybercrimelaws #ethicalhacking #FirewallDaily #Governance #CyberNews #Germany
Critical Apache OFBiz Vulnerability CVE-2024-38856 Identified and Actively Exploited https://thecyberexpress.com/cisa-flags-cve-2024-38856-vulnerability/ #enterpriseresourceplanning #ApacheOFBizVulnerability #SecurityVulnerabilities #remotecodeexecution #TheCyberExpressNews #CybersecurityNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202438856
Went on @trtworld over the weekend to provide live commentary on the Crowdstrike global IT outage on the Newshour programme and explain why it isn't an easy fix, as well as why we really should be looking at Microsoft to make changes in order to avoid this happening again. Thanks for the chat Maria Ramos!
Here's a clip from the segment, you can watch the full video here 
:
https://www.youtube.com/watch?v=NNDg52RPhMY
Microsoft China Bans Employees from Using Android Phones; Shift to iPhones Over Security Concerns https://thecyberexpress.com/microsoft-china-android-ban-iphones-security/ #SecurityVulnerabilities #TheCyberExpressNews #CybersecurityNews #GooglePlayStore #TheCyberExpress #dataprotection #MicrosoftChina #FirewallDaily #cybersecurity #Androidban #iPhone15 #iPhone #China
UAE Cyber Security Council Urges Samsung Users to Update Devices Against Data Theft https://thecyberexpress.com/samsung-vulnerabilities/ #SamsungVulnerabilitiesandExposures #AndroidSecurityBulletin #SecurityVulnerabilities #UAECyberSecurityCouncil #SamsungVulnerabilities #TheCyberExpressNews #CybersecurityNews #TheCyberExpress #FirewallDaily
Microsoft Patch Tuesday: 149 Security Vulnerabilities & Zero-days https://gbhackers.com/microsoft-patch-tuesday-3/ #SecurityVulnerabilities #MicrosoftPatchTuesday #CyberSecurityNews #Microsoft #Malware #CVE2024
New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers – Source: www.techrepublic.com https://ciso2ciso.com/new-gofetch-vulnerability-in-apples-m-chips-allows-secret-keys-leak-on-compromised-computers-source-www-techrepublic-com/ #rssfeedpostgeneratorecho #securityvulnerabilities #SecurityonTechRepublic #SecurityTechRepublic #CyberSecurityNews #Cryptographic #Cybersecurity #Encryption #hardware #Security #Software #Apple #Intel #mac
It looks like it might be time to replace the network gear. I hate #unifi and the #uniquity platform (named for the ubiquitous #securityvulnerabilities) but I couldn't exactly afford to rip it all out and replace it. That is, until they EOLd the fancy "enterprise-class" gateway I bought 3 years ago. In proper #unifi style it was never actually capable of the enterprise-class features they promoted, but that doesn't mean I'm not using it anyway.
Some quick examples from my 'prosumer' home use. If you turn on traffic inspection, the total throughput drops to about 30%. If you want to add (or disable, or rename) a firewall rule you can expect 5 minutes of reloading where connectivity sometimes just goes spinning beachball.. And I'm not getting into the terrible no good web interface, the increasing push towards monthly subscriptions, or what a mess the guest network setup is.
The only 'enterprise' feature that actually functions is the WAN failover. It doesn't support custom routes or anything, just a choice of 50/50 or failover, but it works.
The question is, do I buy the replacement gateway? It isn't the cost, the thing is cheap, but I just don't want to keep encouraging them. Supposedly the new one can do everything the enterprise one originally claimed, except for the only feature that actually worked.. 
(It doesn't do failover, but I only had failover for like a month anyway before elmo went nuts and we cancelled.)
#networking #wifi #selfhosting
Have clients that are still on Ruby versions well beyond #EOL (end-of-life)? For some of them, it may be a lack of budget, staff, or skills to perform system-wide upgrades. Performing #majorVersionUpgrades can be hard, but opening yourself up to known #securityvulnerabilities is more costly in the long run.
If you're still on an old Ruby version, it's past time to upgrade. It's well worth the effort from both a security and a performance perspective!
