Feed aggregator
AutoMQ: Achieving Auto Partition Reassignment in Kafka Without Cruise Control
Ask HN: Interesting Blue Sky Accounts to Follow?
Are there any accounts on blue sky that you recommend?
I am looking for accounts that people with a "hacker" personality may like.
Any suggestions?
Comments URL: https://news.ycombinator.com/item?id=42193111
Points: 1
# Comments: 1
X theme|starship|ohmyposh – Find your favorite terminal prompt theme [video]
Article URL: https://www.youtube.com/watch?v=KUmkgReBiaE
Comments URL: https://news.ycombinator.com/item?id=42193095
Points: 1
# Comments: 1
Best Meta Quest 2 Accessories for 2024
Everything iOS 18.1 Brought To Your iPhone That You Need to Know About
CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory
Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian.
The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024.
BianLian is likely based in Russia, with Russia-based affiliates, and has affected organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors, professional services, and property development.
CISA and partners encourage infrastructure organizations and small- to medium-sized organizations implement mitigations in this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents. These mitigations align with the Cross-Sector Cybersecurity Performance Goals developed by CISA and the National Institute of Standards and Technology.
This advisory is part of CISA’s ongoing #StopRansomware effort.
Apple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply necessary updates:
2024 CWE Top 25 Most Dangerous Software Weaknesses
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services.
Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle.
Addressing these weaknesses is integral to CISA’s Secure by Design and Secure by Demand initiatives, which advocate for building and procuring secure technology solutions:
- Secure by Design: Encourages software manufacturers to implement security best practices throughout the design and development phases. By proactively addressing common weaknesses found in the CWE Top 25, manufacturers can deliver inherently secure products that reduce risk to end users. Learn more about Secure by Design here.
- Secure by Demand: Provides guidelines for organizations to drive security improvements when procuring software. Leveraging the CWE Top 25, customers can establish security expectations and ensure that their software vendors are committed to mitigating high-risk weaknesses from the outset. Explore how you can integrate Secure by Demand principles here.
Recommendations for Stakeholders:
- For Developers and Product Teams: Review the 2024 CWE Top 25 to identify high-priority weaknesses and adopt Secure by Design practices in your development processes.
- For Security Teams: Incorporate the CWE Top 25 into your vulnerability management and application security testing practices to assess and mitigate the most critical weaknesses.
- For Procurement and Risk Managers: Use the CWE Top 25 as a benchmark when evaluating vendors, and apply Secure by Demand guidelines to ensure that your organization is investing in secure products.
By following CISA’s initiatives, organizations can reduce vulnerabilities and strengthen application and infrastructure security. Incorporating the 2024 CWE Top 25 into cybersecurity and procurement strategies will enhance overall resilience.
For further details, refer to the full 2024 CWE Top 25 list here.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
- CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards.
USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies.
This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report.
For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA.
Turn Your Doorbell Into Thanksgiving Greetings With Vivint Chimes
Mediacom Internet Review: Plans, Pricing, Speed and Availability Compared
I hated Dubai until I learned about it
Article URL: https://sive.rs/dxb
Comments URL: https://news.ycombinator.com/item?id=42193075
Points: 1
# Comments: 0
AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers
Article URL: https://www.macrumors.com/2024/11/20/att-turbo-iphone-carrier-label-ios-update/
Comments URL: https://news.ycombinator.com/item?id=42193058
Points: 1
# Comments: 0
AMD-powered El Capitan is now the fastest supercomputer
Async/Await Is Real and Can Hurt You
Article URL: https://trouble.mataroa.blog/blog/asyncawait-is-real-and-can-hurt-you/
Comments URL: https://news.ycombinator.com/item?id=42193034
Points: 2
# Comments: 0
Wonder-server for Maven and Gradle – com.gitee.whzzone
Article URL: https://mavenlibs.com/maven/pom/com.gitee.whzzone/wonder-server
Comments URL: https://news.ycombinator.com/item?id=42193020
Points: 1
# Comments: 0
Ghosts of Departed Proofs [pdf]
IKEA opening an exhibition about its famous blue bag
Article URL: https://www.ianvisits.co.uk/articles/ikea-opening-an-exhibition-about-its-famous-blue-bag-77185/
Comments URL: https://news.ycombinator.com/item?id=42193008
Points: 1
# Comments: 0