Language Selection

English French German Italian Portuguese Spanish

Security: Telegram, Bounties and More

Filed under
Security
  • Telegram zero-day let hackers spread backdoor and cryptocurrency-mining malware

    A zero-day vulnerability in Telegram Messenger allowed attackers to spread a new form of malware with abilities ranging from creating a backdoor trojan to mining cryptocurrency.

    The attacks take advantage of a previously unknown vulnerability in the Telegram Desktop app for Windows and were spotted being used in the wild by Kaspersky Lab.

    Researchers believe the Russian cybercriminal group exploiting the zero-day were the only ones aware of the vulnerability and have been using it to distribute malware since March 2017 -- although it's unknown how long the vulnerability had existed before that date.

  • More Than 4,000 Government Websites Infected With Covert Cryptocurrency Miner

    The rise of cryptocurrency mining software like Coinhive has been a decidedly double-edged sword. While many websites have begun exploring cryptocurrency mining as a way to generate some additional revenue, several have run into problems if they fail to warn visitors that their CPU cycles are being co-opted in such a fashion. That has resulted in numerous websites like The Pirate Bay being forced to back away from the software after poor implementation (and zero transparency) resulted in frustrated users who say the software gobbled upwards of 85% of their available CPU processing power without their knowledge or consent.

    But websites that don't inform users this mining is happening are just one part of an emerging problem. Hackers have also taken to using malware to embed the mining software into websites whose owners aren't aware that their sites have been hijacked to make somebody else an extra buck. Politifact was one of several websites that recently had to admit its website was compromised with cryptocurrency-mining malware without their knowledge. Showtime was also forced to acknowledge (barely) that websites on two different Showtime domains had been compromised and infected with Coinhive-embedded malware.

  • Why Bug Bounties Matter

    Bugs exist in software. That's a fact, not a controversial statement. The challenge (and controversy) lies in how different organizations find the bugs in their software.

    One way for organizations to find bugs is with a bug bounty program. Bug bounties are not a panacea or cure-all for finding and eliminating software flaws, but they can play an important role.

  • Shell Scripting and Security

    The internet ain't what it used to be back in the old days. I remember being online back when it was known as ARPAnet actually—back when it was just universities and a handful of corporations interconnected. Bad guys sneaking onto your computer? We were living in blissful ignorance then.

    Today the online world is quite a bit different, and a quick glimpse at the news demonstrates that it's not just global, but that bad actors, as they say in security circles, are online and have access to your system too. The idea that any device that's online is vulnerable is more true now than at any previous time in computing history.

  • Security updates for Tuesday
  • Open Source Security Podcast: Episode 82 - RSA, TLS, Chrome HTTP, and PCI

More in Tux Machines

Ubuntu vs Linux Mint: Which distro is best for your business?

Linux is attracting a growing number of users to its enormous selection of distribution systems. These 'distros' are operating systems with the Linux kernel at their foundation and a variety of software built on top to create a desktop environment tailored to the needs of users. Ubuntu and Linux Mint are among the most popular flavours of these. Ubuntu's name derives from a Southern Africa philosophy that can loosely be defined as "humanity to others", a spirit its founders wanted to harness in a complete operating system that is both free and highly customisable. Linux Mint is based on Ubuntu and built as a user-friendly alternative with full out-of-the-box multimedia support. By some measures, Linux Mint has surpassed the popularity of its progenitor, but Ubuntu retains a loyal following of its own. Read more

Ubuntu Core Embedded Linux Operating System Now Runs on Rigado’s IoT Gateways

Canonical has apparently partnered with Rigado, a private company that provides Bluetooth LE (Low Energy) modules and custom IoT gateways for them, as well as for Wi-Fi, LoRa, and Thread wireless technologies, to deploy its slimmed-down Ubuntu Core operating system across Rigado’s Edge Connectivity gateway solutions. "Rigado’s enterprise-grade, easily configurable IoT gateways will offer Ubuntu Core’s secure and open architecture for companies globally to deploy and manage their commercial IoT applications, such as asset tracking and connected guest experiences," says Canonical. Read more

Canonical's Unity 8 Desktop Revived by UBports with Support for Ubuntu 18.04 LTS

As you are aware, last year Canonical decided to stop the development of its futuristic Unity 8 desktop for Ubuntu and the Ubuntu Touch mobile OS. Days after their sad announcement a few community members appeared interested in taking over the development of Unity 8, the most promising one being Yunit. However, the Yunit project didn't manage to improve Unity 8 for desktops in the last few months as much as the community would have wanted, and, after a long battle, they decided to pass the baton to UBports team, which is announcing the initial build for devs and an official website for Unity 8. Read more

Openwashing of AT&T by the Linux Foundation