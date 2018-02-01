

Security: Flash, FOSS and More

Submitted by Roy Schestowitz on Friday 2nd of February 2018 11:17:14 AM. Filed under Security
  • New Adobe Flash Zero-Day Spotted in the Wild

    South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

    According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

    "An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents.

  • Growth of open source adoption increases number of security vulnerabilities [Ed: No, Equifax was the opposite. It's proof that patches were available but were not being applied.]

    The 2017 Equifax breach served as a major PSA of the growing size and scope of security vulnerabilities in open source — software components and applications. Despite many of them being “known,” these security flaws pose a potentially debilitating risk to enterprise security.

  • Software Composition Analysis: Identify Risk in Open Source Components

    In March of 2017, it was reported that certain versions of the Apache Struts 2 Framework were vulnerable to Remote Code Execution attacks. If you were using a vulnerable version of the Apache Struts 2, the recommended remediation was to upgrade to Apache Struts 2.3.32 or 2.5.10.1. The issue was a Remote Code Execution bug in the Jakarta Multipart parser of Apache Struts 2 that could allow an attacker to execute malicious commands on the server when uploading files based on the parser.

  • Mitigating known security risks in open source libraries

    This chapter focuses on all you should know about fixing vulnerable packages, including remediation options, tooling, and various nuances. Note that SCA tools traditionally focused on finding or preventing vulnerabilities, and most put little emphasis on fix beyond providing advisory information or logging an issue. Therefore, you may need to implement some of these remediations yourself, at least until more SCA solutions expand to include them.

  • How to eliminate the default route for greater security