Government
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
On May 10th, 2019, the US Congress passed an order requiring federal agencies to patch a Linux bug that can be used to gain root access. The bug, known as "Looney Tunables," was discovered by security researchers in January and allows attackers to change the value of any kernel parameter on Linux systems running the 3.10 kernel or earlier.
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.
The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs?
APT36 is a highly sophisticated APT (Advanced Persistent Threat) group known for conducting targeted espionage in South Asia and is strongly linked to Pakistan.
Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely used for enhancing the security of production Linux servers and other systems. Those who haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.
A ransomware campaign by the recently emerged Monti ransomware group is targeting victims with a new Linux variant of its malware. The threat group is the latest in a growing number of ransomware groups finding profit in going after Linux infrastructure.
The White House launched a multimillion-dollar cyber contest to use artificial intelligence (AI) to detect and fix security vulnerabilities in the U.S. government's digital infrastructure in response to hackers' growing use of AI.
The Biden Administration has extended the deadline for federal agencies to submit documentation proving that the software they use was developed with appropriate security practices, because the form for reporting on such matters isn't complete.
India's government has reportedly banned 14 messaging apps on national security grounds, including some open source services.
Society and governments are struggling to adapt to a world full of cybersecurity threats. Case in point: the EU CRA — Cyber Resilience Act — is a proposal by the European Commission to enact legislation with a noble goal: protect consumers from cybercrime by having security baked in during design.
A technical report published by Uptycs security earlier this week revealed that a Pakistan-based advanced persistent threat (APT) actor called Transparent Tube attempted to deliver a Linux backdoor malware dubbed Poseidon on Indian government agency systems using a fake two-factor authentication tool.
The Linux Foundation Janssen Project, a low-code digital ID software platform developed in partnership with Gluu, has been adjudged as a digital public good (DPG) following a review by the Digital Public Good Alliance (DPGA).
In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain, including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.
The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.
The Defense Information Systems Agency has released a security technical implementation guide to ensure the secure installation of the Tri-Lab Operating System Stack 4.
As per the latest CERT-In security alert, multiple vulnerabilities have been reported in the Linux-based operating system designed by Google.
Cybersecurity continues to be a hot topic. More and more organizations are getting hit by ransomware attacks, critical open software vulnerabilities are making news, and we’re seeing industries and governments coming together to discuss initiatives to improve software security.
The C and C++ languages are unsafe. Instead, the U.S. National Security Agency would like devs to use memory-safe languages—because most security vulnerabilities are caused by bugs in memory usage.
The NSA and CISA released the guide “Securing the Software Supply Chain: Recommended Practices Guide for Developers” last month, and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSSF, welcomes it, he said there are some questionable requirements.
Federal legislators have begun the process of better securing the open-source software used by government agencies with a new bill titled “Securing Open Source Software Act of 2022.”