On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.

When the credentials are submitted for a user account logon request, audit events are generated by the operating system which is determined by the Audit Credential Validation. The events occur as follow: As in an enterprise environment, domain accounts are used more often than local accounts so most of the user logon requests are in the Domain Environment for which Domain Controllers have the authorization. So, the event volume is high on Domain Controllers and low on member servers and workstations.

Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it’s encouraging to see the agency take this rare step, beginning to form a firm stance on software supply chain security. Although this increased scrutiny from the FTC may at first seem daunting, violations can be remediated with the right practices.

One way to enhance SSH login security is by using two-factor authentication (2FA). This approach forces an administrator to self-identify with an additional security verification in addition to the local admin credentials. This tutorial guides you through setting up Google Authenticator PAM to enable 2FA for users connecting to SSH on a Linux server. We’ll use nano as our editor in examples.