-
+41 +7
Now it's PostgreSQL's turn to have a bogus CVE
PostgreSQL and cURL aren't the only ones. Someone is faking security alerts for numerous open-source projects.
-
+44 +6
Update NOW: OpenSSL 1.1.1's Shelf-Life Has Ended
The OpenSSL Project has announced that the long-term support version of OpenSSL 1.1.1 has come to the end of its lifecycle except for paying customers.
-
+50 +6
Chainguard's Wolfi: Revolutionizing Containerized Workloads with Rapid Updates and Robust Security
A Small Octopus and a Big Idea: How Wolfi Linux is Improving the Cloud’s Software Supply Chain Security.
-
+58 +7
Linux tries to dump Windows' notoriously insecure RNDIS protocol
Here we go again. Linux developers are trying, once more, to rid Linux of Microsoft's Remote Network Driver Interface Specification. Here's why it's complicated.
-
+44 +5
New cryptographic protocol aims to bolster open-source software security
The Linux Foundation, BastionZero, and Docker believe OpenPubkey bolsters zero-trust passwordless authentication.
-
+51 +10
Patch now: This serious Linux vulnerability affects nearly all distributions
Qualys has discovered a nasty security hole, dubbed 'Looney Tunables', in the glibc C library. This means almost all Linux distributions have a bad security problem.
-
+50 +5
Thousands of Android devices come with unkillable backdoor preinstalled
Somehow, advanced Triada malware was added to devices before reaching resellers.
-
+44 +10
Ubuntu Linux 23.10 is adding an important new security feature
This has the potential to significantly improve Linux desktop and container security.
-
+52 +7
Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever
The attack on Google Cloud was 7½ times larger than any previously recorded DDoS attack. Here's what else you need to know.
-
+43 +6
Nasty bug discovered in widely used Linux utility curl, and patches already rolled out
Curl is built into and silently used in numerous Linux distributions. A nasty security hole within it has been revealed and patched.
-
+39 +3
Can open source be saved from the EU's Cyber Resilience Act?
The road to Hell is paved with good intentions, and for open source this is a well-meaning cluster fudge
-
+48 +6
Google plans to test proxy scheme to hide IP addresses
Plan for Chrome echoes Apple iCloud Private Relay
-
+44 +3
HTTP/2 Brings Rapid Reset Misery
Thanks to the way the networking protocol was designed, we are going to be living with this nasty bug for years to come.
-
+63 +6
Telemarketer goes belly-up after data breach
Sensitive details of charity donors were leaked, and sensitive employee information was also leaked during the attack, including police checks, child support documents, HR incidents, immigration sponsorship details, COVID-19 vaccination credentials, and notably, tax file numbers, passports, and licences.
-
+52 +6
GitHub IAM Private Creds Are Being Cryptojacked by EleKtra-Leak
Repeat after me: Do not — Do Not! — put hard-coded credentials in your production code repositories.
-
+50 +10
New Tripartite Initiative Aims to Fortify Open-Source Cybersecurity
Education is key to securing software. To help that happen, the Linux Foundation Training & Certification, ISC2, and the OpenSSF.
-
+52 +7
Want a handsomely paid job in tech? Here's what you do
At KubeCon, the need to bridge the skills gap was clearer than ever
-
+56 +8
Tetragon 1.0 Promises a New Era of Kubernetes Security and Observability
The eBPF-based security observability and runtime enforcement platform has grown up and sped up.
-
+47 +5
Kernel security now: Linux's unique method for securing code
At Open Source Summit Japan, Linux developer Greg Kroah-Hartman recaps the current state and future challenges of kernel security, including the specter of government regulation and the essential pain of unceasing updates.
-
+59 +10
This is how to protect your computers from LogoFAIL attacks
This obnoxious constellation of firmware attacks takes over computers. Here's which devices are vulnerable and what you can do to protect them.