Security – Microsoft and Linux Bulletins

News, Alerts and Security Bulletins for Microsoft and Linux

Microsoft (Microsoft Technical Security Notifications, MSRC Blog)
  • Recognizing Q3 Top 5 Bounty Hunters
    by MSRC Team on 20 April 2018 at 5:02 pm

    Throughout the year, security researchers submit some amazing work to us under the Microsoft Bug Bounty program. Starting this quarter, we want to give a shout out to and acknowledge the hard work and dedication of the following individuals and companies who have contributed to securing Microsoft’s products and services over our third quarter (January-March... […]

  • April 2018 security update release
    by MSRC Team on 10 April 2018 at 5:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found in the Security Update Guide. […]

  • Speculative Execution Bounty Launch
    by MSRC Team on 15 March 2018 at 12:00 am

    Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field.  In recognition of that threat environment change, we are launching a bounty program to encourage research into... […]

  • March 2018 security update release
    by MSRC Team on 13 March 2018 at 5:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • Inside the MSRC – The Monthly Security Update Releases
    by MSRC Team on 15 February 2018 at 12:21 am

    For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history.  In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence.  October 2003 ushered in... […]

  • February 2018 security update release
    by MSRC Team on 13 February 2018 at 6:43 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • Inside the MSRC – How we recognize our researchers
    by MSRC Team on 2 February 2018 at 10:32 pm

    This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center (MSRC) business and how we work with security researchers and vulnerability reports. […]

  • January 2018 security update release
    by MSRC Team on 9 January 2018 at 6:16 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
    on 9 January 2018 at 6:00 pm

    Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the update, see ADV170021. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields. […]

  • December 2017 security update release
    by MSRC Team on 12 December 2017 at 6:30 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
    on 12 December 2017 at 6:00 pm

    Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory also provides guidance on what on-premises AD administrators can do to ensure that the account is properly secured. […]

  • November 2017 security update release
    by MSRC Team on 14 November 2017 at 6:00 pm

    Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month's security updates can be found in the Security Update Guide. […]

  • MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Version: 1.1
    on 19 October 2017 at 5:00 pm

    Severity Rating: Important. Revision Note: V1.1 (October 19, 2017): Corrected a typo in the CVE description. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR). […]

  • MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 4.0
    on 12 September 2017 at 5:00 pm

    Severity Rating: Critical. Revision Note: V4.0 (September 12, 2017): Revised the Microsoft Windows affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. […]

  • MS16-AUG - Microsoft Security Bulletin Summary for August 2016 - Version: 3.0
    on 12 September 2017 at 5:00 pm

    Revision Note: V3.0 (September 12, 2017): For MS16-095, revised the Windows Operating System and Components Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Microsoft recommends that customers running Internet Explorer on Windows 10 Version 1703 install update 4038788 to be protected from this vulnerability. Summary: This bulletin summary lists security bulletins released for August 2016. […]

  • MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 4.0
    on 12 September 2017 at 5:00 pm

    Revision Note: V4.0 (September 12, 2017): For MS16-039, revised the Windows Operating Systems and Components affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-0165. Consumers running Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Summary: This bulletin summary lists security bulletins released for April 2016. […]

  • MS16-OCT - Microsoft Security Bulletin Summary for October 2016 - Version: 3.0
    on 12 September 2017 at 5:00 pm

    Revision Note: V3.0 (September 12, 2017): For MS16-123, revised the Windows Operating System and Components affected software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Summary: This bulletin summary lists security bulletins released for October 2016. […]

  • MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892) - Version: 3.0
    on 12 September 2017 at 5:00 pm

    Severity Rating: Important. Revision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3376. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. […]

  • MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 2.0
    on 12 September 2017 at 5:00 pm

    Severity Rating: Critical. Revision Note: V2.0 (September 12, 2017): To address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows: • Rereleased update 3170455 for Windows Server 2008 • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016. Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or sets up a rogue print server on a target network. […]

  • MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 3.0
    on 12 September 2017 at 5:00 pm

    Severity Rating: Critical. Revision Note: V3.0 (September 12, 2017): Revised the Affected Software table to include Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems and Internet Explorer 11 installed on Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3326. Consumers using Windows 10 are automatically protected. Microsoft recommends that enterprise customers running Internet Explorer on Windows 10 Version 1703 ensure they have update 4038788 installed to be protected from this vulnerability. Customers who are running other versions of Windows 10 and who have installed the June cumulative updates do not need to take any further action. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • MS16-JUL - Microsoft Security Bulletin Summary for July 2016 - Version: 2.0
    on 12 September 2017 at 5:00 pm

    Revision Note: V2.0 (September 12, 2017): For MS16-087, to address known issues with the 3170455 update for CVE-2016-3238, Microsoft has made available the following updates for currently-supported versions of Microsoft Windows: • Rereleased update 3170455 for Windows Server 2008 • Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1 and Windows Server 2012 R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update 4038781 for Windows 10 Version 1511 • Cumulative Update 4038782 for Windows 10 Version 1607 and Windows Server 2016. Microsoft recommends that customers running Windows Server 2008 reinstall update 3170455. Microsoft recommends that customers running other supported versions of Windows install the appropriate update. See Microsoft Knowledge Base Article 3170005 (https://support.microsoft.com/en-us/help/3170005) for more information. Summary: This bulletin summary lists security bulletins released for July 2016. […]

  • MS16-149 - Important: Security Update for Microsoft Windows (3205655) - Version: 1.1
    on 23 August 2017 at 5:00 pm

    Severity Rating: Important. Revision Note: V1.1 (August 23, 2017): Corrected the Updates Replaced for security update 3196726 to None. This is an informational change only. Customers who have already successfully installed the update do not need to take any further action. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application. […]

  • MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) - Version: 2.0
    on 8 August 2017 at 5:00 pm

    Severity Rating: Critical. Revision Note: V2.0 (August 8, 2017): To comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerability. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. […]

  • 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
    on 8 August 2017 at 5:00 pm

    Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for applications developed with the Microsoft Internet Explorer layout engine, also known as the Trident layout engine. This advisory also provides guidance on what developers and individuals can do to ensure that their applications hosting the WebBrowser Control are properly secured. […]

  • MS17-MAR - Microsoft Security Bulletin Summary for March 2017 - Version: 4.0
    on 8 August 2017 at 5:00 pm

    Revision Note: V4.0 (August 8, 2017): For MS17-007, to comprehensively address CVE-2017-0071, Microsoft released the July security updates for all versions of Windows 10. Note that Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems have been added to the Affected Products table as they are also affected by this vulnerability. Microsoft recommends that customers who have not already done so install the July 2017 security updates to be fully protected from this vulnerability. Summary: This bulletin summary lists security bulletins released for March 2017. […]

  • MS16-SEP - Microsoft Security Bulletin Summary for September 2016 - Version: 2.0
    on 11 July 2017 at 5:00 pm

    Revision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability. Summary: This bulletin summary lists security bulletins released for September 2016. […]

  • MS16-111 - Important: Security Update for Windows Kernel (3186973) - Version: 2.0
    on 11 July 2017 at 5:00 pm

    Severity Rating: Important. Revision Note: V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system. […]

  • 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
    on 27 June 2017 at 5:00 pm

    Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. […]

  • 4025685 - Guidance related to June 2017 security update release - Version: 1.0
    on 13 June 2017 at 5:00 pm

    Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today. […]

  • 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
    on 12 May 2017 at 5:00 pm

    Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. This is an informational change only. Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. […]

Linux (Community’s Center for Security)
  • Debian LTS: DLA-1357-1: gunicorn security update
    on 22 April 2018 at 9:57 am

    LinuxSecurity.com: It was discovered that there was an issue in the gunicorn HTTP server for Python applications where CRLF sequences could result in an attacker tricking the server into returning arbitrary headers. […]

  • Fedora 26: java-1.8.0-openjdk Security Update
    on 22 April 2018 at 12:59 am

    LinuxSecurity.com: Updated to security update u171 […]

  • Fedora 26: memcached Security Update
    on 22 April 2018 at 12:59 am

    LinuxSecurity.com: Security fix for CVE-2018-1000115, which disables the UDP port by default. […]

  • Cybercrime Economy Generates $1.5 Trillion a Year
    on 21 April 2018 at 10:33 am

    LinuxSecurity.com: If cybercrime was a country, it would have the 13th highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime. […]

  • Email attacks continue to cause headaches for companies
    on 21 April 2018 at 10:23 am

    LinuxSecurity.com: Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a report by F-Secure. […]

  • Fedora 27: perl-Module-CoreList Security Update
    on 21 April 2018 at 3:41 am

    LinuxSecurity.com: This release provides Perl 5.24.4 that fixes a heap buffer overflow in the pack() function and two overflows in the regular expression engine. […]

  • Fedora 27: jgraphx Security Update
    on 21 April 2018 at 3:41 am

    LinuxSecurity.com: Security fix for CVE-2017-18197 […]

  • Fedora 27: nghttp2 Security Update
    on 21 April 2018 at 3:41 am

    LinuxSecurity.com: - update to the latest upstream release (fixes CVE-2018-1000168) […]

  • Fedora 27: perl Security Update
    on 21 April 2018 at 3:41 am

    LinuxSecurity.com: This release provides Perl 5.24.4 that fixes a heap buffer overflow in the pack() function and two overflows in the regular expression engine. […]

  • Fedora 27: roundcubemail Security Update
    on 21 April 2018 at 3:41 am

    LinuxSecurity.com: Upstream announcement: **Version 1.3.6** This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846. Additionally, we back-ported some minor fixes from the master […]

  • Fedora 26: jgraphx Security Update
    on 21 April 2018 at 3:03 am

    LinuxSecurity.com: Security fix for CVE-2017-18197 […]

  • Fedora 26: roundcubemail Security Update
    on 21 April 2018 at 3:03 am

    LinuxSecurity.com: Upstream announcement: **Version 1.3.6** This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846. Additionally, we back-ported some minor fixes from the master […]

  • openSUSE: 2018:1042-1: important: chromium
    on 21 April 2018 at 12:08 am

    LinuxSecurity.com: An update that fixes 33 vulnerabilities is now available. […]

  • openSUSE: 2018:1038-1: important: cfitsio
    on 21 April 2018 at 12:06 am

    LinuxSecurity.com: An update that solves one vulnerability and has one errata is now available. […]

  • LinkedIn Fixes User Data Leak Bug
    on 20 April 2018 at 11:26 am

    LinuxSecurity.com: LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members' personal data. […]

  • GitHub: New copyright rules could strangle software development
    on 20 April 2018 at 11:20 am

    LinuxSecurity.com: Developer platform GitHub has warned that plans to stop copyright infringements online could have a major impact on open-source software development. […]

  • IBM introduces open-source library for protecting AI systems
    on 19 April 2018 at 10:54 am

    LinuxSecurity.com: IBM released an open-source software library meant to help developers and researchers to protect AI systems including Deep Neural Networks (DNNs) against adversarial attacks. DNNs are complex machine learning models that have a certain similarity with the interconnected neurons in the human brain. […]

  • Gold Galleon hackers target maritime shipping industry
    on 19 April 2018 at 10:50 am

    LinuxSecurity.com: Researchers have uncovered a Nigerian hacking ring which targets maritime shipping firms in order to try and steal millions of dollars on an annual basis. […]

  • German Government Chooses Open Source For Its Federal Cloud Solution
    on 18 April 2018 at 3:56 pm

    LinuxSecurity.com: It's not hidden that apart from costing tons of money, the use of proprietary software also brings along hidden security caveats. These are the two primary reasons why the usage of open source software is being pushed in public agencies all around the world, especially in European countries. […]

  • Microsoft built its own custom Linux kernel for its new IoT service
    on 18 April 2018 at 3:42 pm

    LinuxSecurity.com: At a small press event in San Francisco, Microsoft today announced the launch of a secure end-to-end IoT product that focuses on microcontroller-based devices - the kind of devices that use tiny and relatively low-powered microcontrollers (MCUs) for basic control or connectivity features. […]

  • Hackers are using botnets to take the hard work out of breaking into networks
    on 17 April 2018 at 10:36 am

    LinuxSecurity.com: Why hack a network when you can get a botnet to do it for you? It turns out that botnets might be an easier way to break into a network, not least by taking the grunt work out of it. It's not a new concept -- we've seen it before with bots running through lists of default usernames and passwords to hijack Internet of Things devices. […]

  • Detailing The Idle Loop Ordering Problem & The Power Improvement In Linux 4.17
    on 17 April 2018 at 10:34 am

    LinuxSecurity.com: Of the many great features/changes for Linux 4.17, one of the most exciting to us is the idle power efficiency and performance-per-Watt improvements on some systems thanks to a rework to the kernel's idle loop handling. Rafael Wysocki and Thomas Ilsche as two of the developers working on this big code change presented on their work today for this CPU idle loop ordering problem and its resolution. […]

  • Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer
    on 16 April 2018 at 8:47 am

    LinuxSecurity.com: Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. […]

  • My letter urging Georgia governor to veto anti-hacking bill
    on 16 April 2018 at 8:18 am

    LinuxSecurity.com: Dear Governor Deal: I am writing to urge you to veto SB315, the "Unauthorized Computer Access" bill. […]

  • Social Engineering Methods for Penetration Testing
    on 21 October 2016 at 10:18 am

    LinuxSecurity.com: Social engineering is the practice of learning and obtaining valuable information by exploiting human vulnerabilities. It is an art of deception that is considered to be vital for a penetration tester when there is a lack of information about the target that can be exploited. […]

  • Putting Infosec Principles into Practice
    on 23 September 2016 at 10:53 am

    LinuxSecurity.com: When you’re dealing with a security incident it’s essential you – and the rest of your team – not only have the skills they need to comprehensively deal with an issue, but also have a framework to support them as they approach it. This framework means they can focus purely on what they need to do, following a process that removes any vulnerabilities and threats in a proper way – so everyone who depends upon the software you protect can be confident that it’s secure and functioning properly. […]

  • Installing an Apache Web Server with TLS
    on 22 August 2016 at 3:30 pm

    LinuxSecurity.com: One of the powerful things that Linux on servers allows you to do is to create scalable web applications with little to no software costs. Apache HTTPD, commonly referred to as just Apache, is the number one web server software in the world. […]

  • Essential tools for hardening and securing Unix based Environments
    on 26 May 2015 at 7:34 pm

    LinuxSecurity.com: System administrators are aware of how important their systems' security is, not just the runtime of their servers. Intruders, spammers, DDoS attacks, crackers, are all out there trying to get into people's computers, servers and everywhere they can lay hands on and interrupt the normal runtime of services. […]

  • Securing a Linux Web Server
    on 28 April 2015 at 11:26 am

    LinuxSecurity.com: With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a Linux based web server is only as secure as its configuration and very often many are quite vulnerable to compromise. While specific configurations vary wildly due to environments or specific use, there are various general steps that can be taken to ensure basic security considerations are in place. […]

  • Peter Smith Releases Linux Network Security Online
    on 6 January 2014 at 6:28 pm

    LinuxSecurity.com: Thanks so much to Peter Smith for announcing on linuxsecurity.com the release of his Linux Network Security book available free online. "In 2005 I wrote a book on Linux security. 8 years later and the publisher has gone out of business. Now that I'm free from restrictions on reproducing material from the book, I have decided to make the entire book available online." […]