The Dangerous Numbers Behind Supply Chain Attacks
Supply chain attacks have witnessed a staggering surge in recent years, morphing into a formidable threat in the cyber landscape. When businesses are increasingly reliant on third-party software and open-source components, supply chain attacks have emerged as a viable and insidious vector for adversaries to exploit vulnerabilities in widely-used software, ... Read More
Witnessing the Perils of Appliance OS Upgrades
One might assume that upgrading an operating system (OS) is a straightforward task. However, this couldn’t be further from the truth, especially when it comes to specialized appliances. These are not your run-of-the-mill systems; they are intricately tailored for specific tasks, often operating with customized software. Ensuring compatibility while preserving ... Read More
CVE-2023-4911 Looney Tunables – Th-Th-That’s Not All, Folks
Vulnerability: Buffer overflow in glibc’s parsing of GLIBC_TUNABLES environment variable CVE ID: CVE-2023-4911 CVSS Score: 7.8 TuxCare’s Extended LifeCycle Support status can be found in the TuxCare CVE tracker here. In what amounts to a very interesting post-Summer months’ cybersecurity environment, there have been several noteworthy vulnerabilities emerging. Continuing with ... Read More
Cyber Risk’s Sensational Return to Work
Ah, the sweet residue of summer vacations! It’s that time when IT professionals, having (hopefully) soaked up enough sun, reluctantly drag themselves back to their desks, half-expecting a somewhat calm transition back into the daily grind. But, alas, September and the early whispers of October have decided to throw curveballs ... Read More
CVE-2023-4863: Just How Deep Does the Rabbit Hole Go?
Vulnerability: Heap Buffer Overflow in libwebp CVE ID: CVE-2023-4863 CVSS Score: 8.8 (Though a different CVE merged into this one was scored 10.0. The 8.8 score will likely be updated given the scope and risk) TuxCare’s Extended LifeCycle Support status can be found in the TuxCare’s CVE tracker here. ... Read More
The Secure Java Developer’s Toolkit
Java remains one of the most popular and widely-used programming languages. It’s not just about writing and running Java programs, though. A typical Java developer working in Linux has an entire ecosystem of tools and practices at their disposal, designed to make the development process smoother, faster, and more efficient ... Read More
When the House Lost: Lessons from the Recent Vegas Casino Ransomware Attacks
…or how to steal 15 million USD from a casino without resorting to “Ocean’s Eleven”-level shenanigans. When data breaches and ransomware attacks are becoming increasingly commonplace, even the glitzy and guarded world of Las Vegas casinos is not immune. Two weeks ago, the gambling capital was hit by a ... Read More
Supply Chain Attack Inception
There are many forms of supply chain attacks – repository hacking, developer initiated attacks, library tampering, domain hijacking, the list goes on – but an attack where the malware deliberately looks for your development software and infects other projects on your system during the build is something different. While ... Read More
