Joao Correia

TuxCare

This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In this article, you will find a more in-depth look at the specific issue, with real-world scenarios where it ... Read More

Multiple UEFI vulnerabilities can lead to Linux, Windows, and Mac exploits LogoFAIL persists across operating system reinstallations It also extends the supply chain risks to the hardware itself   Security researchers, known for their inquisitive and unconventional methods, have recently scrutinized UEFI (Unified Extensible Firmware Interface), revealing significant vulnerabilities called ... Read More

Discussions about cybersecurity often unfold amidst grandiose and alarming narratives: ‘high impact,’ ‘critical,’ ‘most dangerous vulnerability‘ – phrases designed to catch headlines. The conversation floats at a lofty level, warning organizations of a complex, risky business environment where, in an instant, they could be brought to a standstill and suffer ... Read More

Cybersecurity incidents are more than availability problems Malicious actors are using the legal process to their advantage Personal liability for cybersecurity mishandling is becoming more common Cybersecurity incidents, once dismissed as minor disruptions, have evolved into significant threats with far-reaching consequences. Initially seen as temporary setbacks, their impact on business ... Read More

While checking my cybersecurity news feed a couple of days ago, an account (re-)publishing stories from years gone by was highlighting a late 2000 (actual year 2000, not the decade) event involving Microsoft and a hack that affected the company. This breach was notable because Microsoft had issued a patch ... Read More

The looming end of life (EOL) for CentOS Stream 8 – set for May 31, 2024 – presents both challenges and opportunities for developers, administrators, and users alike. It’s essential to consider the implications of continuing to use an OS that has become a “development” branch rather than the stable ... Read More

In the cybersecurity domain, we often assume that regularly checking for and applying updates keeps our systems secure. However, a subtle nuance is frequently overlooked. When we say we’ve applied “all available patches,” what we’re really saying is we’ve applied all patches “provided by our distribution vendor.” And therein lies ... Read More

Supply chain attacks have surged in recent years, gradually becoming a formidable threat in the cybersecurity landscape. Yet, despite their growing prevalence, there seems to be a disconnection between the perception and the reality of their potential damage. A staggering number of developers exhibit a ‘not in my backyard’ mentality, ... Read More

The realm of cryptography finds itself on the cusp of a groundbreaking evolution. While classical encryption methodologies have been heralded for their resilience against brute-force attacks, the arrival of post-quantum risks and novel algorithms threaten to change this landscape forever.   The Age-Old Trust in Classical Encryption   Classical encryption ... Read More

Some information found in this blog post has been sourced from an AMD security bulletin as well as a Phoronix article covering a speculative side-channel attack termed “INCEPTION.”   Shortly after Zenbleed was announced, yet another vulnerability relying upon side-channels techniques has been disclosed by AMD. While Zenbleed impacted Zen ... Read More