Government

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Government News

White House Warns: Move to Memory-Safe Languages

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Office of the National Cyber Director (ONCD) emphasizes the urgent need for developers to adopt memory-safe programming languages like Rust to minimize vulnerabilities in software. The ONCD's "Back to the Building Blocks: A Path Toward Secure and Measurable Software" report is a strong recommendation rather than an executive order or law.

European Court of Human Rights Declares Backdoored Encryption Illegal

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The European Court of Human Rights (ECHR) has made a major decision, ruling that laws requiring weakened encryption and extensive data retention violate the European Convention on Human Rights. In a recent case involving Russia's demand for Telegram to provide encryption assistance, the Court stated that such legislation cannot be considered necessary in a democratic society.

Debian Issues Statement about the EU Cyber Resilience Act

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The EU Cyber Resilience Act (CRA) and the Product Liability Directive (PLD) aim to introduce a set of cybersecurity and vulnerability handling requirements for manufacturers, with the intention to improve security. However, the Debian project has issued a statement raising concerns about the negative implications for the open-source community and contributors.

Feds Warn Health Sector to Watch for Open-Source Threats

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The government's warning to the health sector to watch for open-source threats has long been on the radar of the IT industry. Open-source software, which is free to use, can be a great tool for organizations that need to scale quickly or don't have the budget for proprietary software. However, using it has inherent risks, and no one knows that better than the government.

CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

On May 10th, 2019, the US Congress passed an order requiring federal agencies to patch a Linux bug that can be used to gain root access. The bug, known as "Looney Tunables," was discovered by security researchers in January and allows attackers to change the value of any kernel parameter on Linux systems running the 3.10 kernel or earlier.

Article 45 Will Roll Back Web Security by 12 Years

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs?

SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.

Monti Ransomware Deploying New Linux Encryptor

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A ransomware campaign by the recently emerged Monti ransomware group is targeting victims with a new Linux variant of its malware. The threat group is the latest in a growing number of ransomware groups finding profit in going after Linux infrastructure.

The Cyber Resilience Act Threatens Open Source

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Society and governments are struggling to adapt to a world full of cybersecurity threats. Case in point: the EU CRA — Cyber Resilience Act — is a proposal by the European Commission to enact legislation with a noble goal: protect consumers from cybercrime by having security baked in during design.

Pakistan-Based Hackers are Trying to Hack the Indian Government

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A technical report published by Uptycs security earlier this week revealed that a Pakistan-based advanced persistent threat (APT) actor called Transparent Tube attempted to deliver a Linux backdoor malware dubbed Poseidon on Indian government agency systems using a fake two-factor authentication tool.

OpenSSF Aimed to Stem Open Source Security Problems in 2022

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In 2022, the Open Source Software Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain. including joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo