Security Leftovers

Filed under
Security
  • Hidden For 6 Years, ‘Slingshot’ Malware Hacks Your PC Through Your Router
  • Security updates for Tuesday
  • Microsoft Admits It Incorrectly Upgraded Some Windows 10 Users to v1709 [Ed: Windows Update is technically (not a joke) a botnet. It takes over people's PCs and hands them over for Microsoft to use up their CPU and bandwidth. Microsoft has ignored users' "update" settings since at least Windows XP days.]

    Microsoft admitted last week that it incorrectly updated some Windows 10 users to the latest version of the Windows 10 operating system (version 1709) despite users having specifically paused update operations in their OS settings.

    The admission came in a knowledge base article updated last week. Not all users of older Windows versions were forcibly updated; only those on Windows 10 v1703 (Creators Update) were.

    This is the version where Microsoft added special controls to the Windows Update setting section that allow users to pause OS updates in case they have driver or other hardware issues with the latest OS version.

  • We Still Need More HTTPS: Government Middleboxes Caught Injecting Spyware, Ads, and Cryptocurrency Miners

    Last week, researchers at Citizen Lab discovered that Sandvine's PacketLogic devices were being used to hijack users' unencrypted internet connections, making yet another case for encrypting the web with HTTPS. In Turkey and Syria, users who were trying to download legitimate applications were instead served malicious software intending to spy on them. In Egypt, these devices injected money-making content into users' web traffic, including advertisements and cryptocurrency mining scripts.

    These are all standard machine-in-the-middle attacks, where a computer on the path between your browser and a legitimate web server is able to intercept and modify your traffic data. This can happen if your web connections use HTTP, since data sent over HTTP is unencrypted and can be modified or read by anyone on the network.

    The Sandvine middleboxes were doing exactly this. On Türk Telekom’s network, it was reported that when a user attempted to download legitimate applications over HTTP, these devices injected fake "redirect" messages which caused the user’s browser to fetch the file from a different, malicious, site. Users downloading common applications like Avast Antivirus, 7-Zip, Opera, CCleaner, and programs from download.cnet.com had their downloads silently redirected. Telecom Egypt’s Sandvine devices, Citizen Lab noted, were using similar methods to inject money-making content into HTTP connections, by redirecting existing ad links to affiliate advertisements and legitimate JavaScript files to cryptocurrency mining scripts.

  • Let’s Encrypt takes free “wildcard” certificates live
  • GuardiCore Upgrades Infection Monkey Open Source Cyber Security Testing Tool
  • A Guide To Securing Docker and Kubernetes Containers With a Firewall
  • How IBM Helps Organizations to Improve Security with Incident Response

    Protecting organizations against cyber-security threats isn't just about prevention, it's also about incident response. There are many different organizations that provide these security capabilities, including IBM X-Force Incident Response and Intelligence Services (IRIS), which is led by Wendi Whitmore.

    In the attached video interview Whitmore explains how incident response works and how she helps organizations to define a winning strategy. Succeeding at incident response in Whitmore's view, shouldn't be focused just on prevention but on building a resilient environment.
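
The download hijack described in the Citizen Lab item above comes down to one property of plaintext HTTP: whoever sits on the path can answer a request before the real server does. The following is an added illustration written for this page, not Citizen Lab's, Sandvine's or EFF's code. The hosts, paths and installer bytes are constructed; `middlebox_inject` models only the visible behaviour reported (a fake 302 answer to a plaintext GET for a known installer), and the two client-side checks are the practical takeaway: a redirect that leaves the requested host is a signal to stop and look, and a pinned SHA-256 catches a swapped binary even when a redirect is legitimate. Moving the whole exchange to HTTPS removes the injection point entirely.

```python
"""Plaintext-HTTP download hijack: the on-path rewrite and two client-side checks.

Added example for this page; hosts, paths and file bytes below are constructed.
"""
import hashlib
from urllib.parse import urlsplit


def _parse_head(raw: bytes):
    """Split an HTTP/1.x request or response head into (first line, headers dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    first_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return first_line, headers


def parse_request(raw: bytes):
    """Return (method, path, host) from a raw HTTP/1.x request."""
    request_line, headers = _parse_head(raw)
    method, path, _version = request_line.split(" ", 2)
    return method, path, headers.get("host", "")


def parse_response(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.x response."""
    status_line, headers = _parse_head(raw)
    return int(status_line.split(" ", 2)[1]), headers


# Constructed: the installer paths an on-path box has been told to hijack.
HIJACK_TARGETS = {"/7zip-installer.exe", "/opera-setup.exe"}


def middlebox_inject(raw_request: bytes, attacker_host: str):
    """Model of the reported behaviour: answer a plaintext GET for a targeted installer
    with a redirect to the attacker's host before the real server can reply.
    Returns None when the request is left alone."""
    method, path, _host = parse_request(raw_request)
    if method != "GET" or path not in HIJACK_TARGETS:
        return None
    location = f"http://{attacker_host}{path}"
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n"
        "Content-Length: 0\r\nConnection: close\r\n\r\n"
    ).encode()


def is_suspicious_redirect(raw_response: bytes, requested_host: str) -> bool:
    """Client-side check: a 3xx whose Location points at a different host than the
    one we asked for is the hijack pattern. A legitimate mirror redirect trips this
    too, so treat it as 'verify the file before running it', not as proof of attack."""
    status, headers = parse_response(raw_response)
    if not 300 <= status < 400 or "location" not in headers:
        return False
    target = urlsplit(headers["location"])
    return target.hostname is not None and target.hostname != requested_host


def verify_download(data: bytes, expected_sha256_hex: str) -> bool:
    """Integrity check against a digest obtained out of band (vendor page over HTTPS)."""
    return hashlib.sha256(data).hexdigest() == expected_sha256_hex


# Constructed sample exchange.
ATTACKER_HOST = "mirror.example.net"
SAMPLE_REQUEST = (
    b"GET /7zip-installer.exe HTTP/1.1\r\n"
    b"Host: downloads.example.org\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n"
)
GOOD_INSTALLER = b"MZ\x90\x00demo"          # stand-in for the real installer bytes
TROJANED_INSTALLER = GOOD_INSTALLER + b"\xcc"  # what the attacker's host would serve
PINNED_SHA256 = hashlib.sha256(GOOD_INSTALLER).hexdigest()  # the digest the vendor would publish
SAMPLE_LEGIT_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
    b"Content-Length: 8\r\n\r\n" + GOOD_INSTALLER
)

if __name__ == "__main__":
    injected = middlebox_inject(SAMPLE_REQUEST, ATTACKER_HOST)
    print(injected.decode())
    print("off-host redirect:", is_suspicious_redirect(injected, "downloads.example.org"))
    print("trojaned file passes pin:", verify_download(TROJANED_INSTALLER, PINNED_SHA256))
```

The redirect check only helps when the client actually looks at the chain; most download managers and browsers follow it silently, which is why the digest check and, above all, HTTPS (ideally with HSTS so the first request is never plaintext) are the controls that matter.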

More in Tux Machines

Introducing Red Hat Quay

Embracing container orchestration has many implications for an enterprise’s technology stack. An image registry becomes a critical component of the deployment pipeline. Red Hat Quay is a mature enterprise-centric container image registry which has a rich history of meeting the needs of cloud native technologists. When Red Hat acquired CoreOS earlier this year, we were looking to amplify our leadership in enterprise container-based solutions. CoreOS at the time had two primary products, Tectonic and Quay. Quay was added directly into Red Hat’s portfolio of products and renamed Red Hat Quay. Also: FPgM report: 2018–38

Security: Windows/NSA Back Doors and Exploits (EternalBlue), Rust Flaw, Roughtime, DDOS Hype and "The Lucy Gang"

  • Leaked NSA Exploits Shifting From Ransomware To Cryptocurrency Mining
    This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone. EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs. [...] There will never be a full accounting of the damage done. Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.
  • The Rust Programming Language Blog: Security advisory for the standard library
    The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected. We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.
  • Cloudflare Secures Time With Roughtime Protocol Service
    If time is money, then how important is it to secure the integrity of time itself? Time across many computing devices is often synchronized via the Network Time Protocol (NTP), which isn't a secure approach, but there is another option. On Sept. 21, Cloudflare announced that it is deploying a new authenticated time service called Roughtime, in an effort to secure certain timekeeping efforts. The publicly available service is based on an open-source project of the same name that was started by Google. "NTP is the dominant protocol used for time synchronisation and, although recent versions provide for the possibility of authentication, in practice that’s not used," Google's project page for Roughtime states. "Most computers will trust an unauthenticated NTP reply to set the system clock meaning that a MITM [man-in-the-middle] attacker can control a victim’s clock and, probably, violate the security properties of some of the protocols listed above."
  • DDoS Vulnerability Can Disrupt The Whole Bitcoin Infrastructure [Ed: Latest FUD about Bitcoin. A DDOS attack can disrupt anything at sufficient capacity levels, including Wall Street and ANY financial market.]
  • Crippling DDoS vulnerability put the entire Bitcoin market at risk
  • This Russian botnet mimics your click to prevent Android device factory resets
    According to researchers from Check Point, the botnet has been developed by a group of Russian-speaking hackers known as "The Lucy Gang," and demos have already been provided to potential subscribers to the system looking for Malware-as-a-Service (MaaS) solutions. Botnets are a thorn in the side for cybersecurity firms, hosting providers, and everyday businesses alike. The systems are made up of enslaved devices including mobile devices, Internet of Things (IoT) gadgets, and PCs.
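
The EternalBlue item above rests on one fact: the exploit needs the target to negotiate SMBv1. The first check a practitioner wants is therefore "does this host still accept an SMB1 dialect?", which can be asked with a single Negotiate Protocol request. The following is an added example written for this page, not code from Shodan, TechCrunch or any of the projects mentioned. It builds a minimal SMB_COM_NEGOTIATE offering only the "NT LM 0.12" dialect and classifies the reply; the sample replies are constructed, not captured. The caveat matters: an accepted SMB1 dialect means the EternalBlue code path is reachable, not that the host is unpatched for MS17-010, which needs a separate check; a rejected dialect or a reset connection does rule the exploit out.

```python
"""Does a host still negotiate SMBv1?  Added example; sample replies are constructed."""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_DIALECT = b"\x02NT LM 0.12\x00"   # the only dialect we offer: a pure SMB1 probe


def smb1_header(command: int, status: int = 0, flags: int = 0x18, flags2: int = 0xC853) -> bytes:
    """32-byte SMB1 header (MS-CIFS 2.2.3.1): magic, Command, NT Status, Flags, Flags2,
    PIDHigh, 8-byte SecurityFeatures, Reserved, TID, PID, UID, MID."""
    return (
        SMB1_MAGIC
        + struct.pack("<BIBH", command, status, flags, flags2)
        + struct.pack("<H8sHHHHH", 0, b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    )


def netbios(payload: bytes) -> bytes:
    """NetBIOS session service framing used on TCP/445: type 0x00 + 3-byte big-endian length."""
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


def build_smb1_negotiate() -> bytes:
    """SMB_COM_NEGOTIATE request: WordCount=0, ByteCount, then the dialect list."""
    body = struct.pack("<BH", 0, len(SMB1_DIALECT)) + SMB1_DIALECT
    return netbios(smb1_header(SMB_COM_NEGOTIATE) + body)


def classify_negotiate_response(data: bytes) -> str:
    """'smb1-accepted' when the server picked one of our SMB1 dialects (EternalBlue's
    precondition), 'smb1-rejected' on an error status or DialectIndex 0xFFFF,
    'smb2' if the server answered in SMB2/3 framing, 'unknown' for anything else."""
    if len(data) < 36 or data[0] != 0x00:
        return "unknown"
    hdr = data[4:36]
    if hdr[:4] == SMB2_MAGIC:
        return "smb2"
    if hdr[:4] != SMB1_MAGIC or hdr[4] != SMB_COM_NEGOTIATE:
        return "unknown"
    status = struct.unpack_from("<I", hdr, 5)[0]
    if status != 0:
        return "smb1-rejected"
    word_count = data[36]                      # response parameter block starts after the header
    if word_count == 0 or len(data) < 39:
        return "smb1-rejected"
    dialect_index = struct.unpack_from("<H", data, 37)[0]
    if dialect_index == 0xFFFF:                # "no common dialect"
        return "smb1-rejected"
    return "smb1-accepted"


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Live probe of one host. Hosts with SMB1 disabled frequently just reset the
    connection, which is reported as 'closed-or-dropped' rather than as an error."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            return classify_negotiate_response(sock.recv(4096))
    except OSError:
        return "closed-or-dropped"


# Constructed replies for offline use (not captured from real hosts). Flags 0x98 = reply bit set.
SAMPLE_SMB1_ACCEPTED = netbios(
    smb1_header(SMB_COM_NEGOTIATE, flags=0x98)
    + bytes([17]) + struct.pack("<H", 0) + b"\x00" * 32 + struct.pack("<H", 0)
)
SAMPLE_SMB1_NO_DIALECT = netbios(
    smb1_header(SMB_COM_NEGOTIATE, flags=0x98)
    + bytes([1]) + struct.pack("<H", 0xFFFF) + struct.pack("<H", 0)
)
SAMPLE_SMB2_REPLY = netbios(SMB2_MAGIC + b"\x00" * 60)

if __name__ == "__main__":
    for name, reply in [("accepted", SAMPLE_SMB1_ACCEPTED), ("no dialect", SAMPLE_SMB1_NO_DIALECT),
                        ("smb2", SAMPLE_SMB2_REPLY)]:
        print(f"{name:>10}: {classify_negotiate_response(reply)}")
```

Run `probe_smb1("10.0.0.5")` (hypothetical address) against hosts you own; anything that comes back `smb1-accepted` belongs on the patch-verification list, and ideally on the list of hosts where SMBv1 gets disabled outright.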

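The Roughtime item above says why NTP replies are a problem: nothing ties the answer to the question, so an on-path attacker can hand the client any clock value. Roughtime fixes this in two parts: the client sends a fresh 64-byte nonce, and the server's signed reply carries a Merkle root over the nonces of the batch it answered, plus the index and sibling path that let each client recompute that root from its own nonce. What follows is an added example for this page, not Cloudflare's or Google's client code. It assumes Google's original Roughtime wire format (tag/offset message encoding, full SHA-512 Merkle hashes with 0x00 leaf and 0x01 node prefixes, 1024-byte minimum request), and it covers the nonce-commitment half of verification; the Ed25519 check of SIG over SREP with the delegated key in CERT is the other half and is not shown here, because the Python standard library has no Ed25519. The server reply used below is constructed.

```python
"""Roughtime request building and nonce-commitment check.  Added example; reply is constructed."""
import hashlib
import os
import struct


def tag(s: bytes) -> int:
    """Tags are 4 ASCII bytes read as a little-endian uint32."""
    return struct.unpack("<I", s)[0]


TAG_NONC, TAG_PAD = tag(b"NONC"), tag(b"PAD\xff")
TAG_SREP, TAG_INDX, TAG_PATH = tag(b"SREP"), tag(b"INDX"), tag(b"PATH")
TAG_ROOT, TAG_MIDP, TAG_RADI = tag(b"ROOT"), tag(b"MIDP"), tag(b"RADI")
MIN_REQUEST_SIZE = 1024      # requests are padded so the protocol cannot amplify traffic


def encode(fields: dict) -> bytes:
    """Message = u32 count, u32 offsets[count-1], u32 tags[count] (ascending), values."""
    items = sorted(fields.items())                 # tags must be in ascending numeric order
    values = b"".join(v for _, v in items)
    offsets, pos = [], 0
    for _, v in items[:-1]:
        if len(v) % 4:
            raise ValueError("all values except the last must be 4-byte aligned")
        pos += len(v)
        offsets.append(pos)
    return (struct.pack("<I", len(items))
            + struct.pack(f"<{len(offsets)}I", *offsets)
            + struct.pack(f"<{len(items)}I", *(t for t, _ in items))
            + values)


def decode(data: bytes) -> dict:
    """Inverse of encode; returns {tag: value bytes}."""
    (n,) = struct.unpack_from("<I", data, 0)
    if n == 0:
        raise ValueError("empty message")
    offsets = (0,) + struct.unpack_from(f"<{n - 1}I", data, 4)
    tags = struct.unpack_from(f"<{n}I", data, 4 + 4 * (n - 1))
    if list(tags) != sorted(tags):
        raise ValueError("tags not in ascending order")
    start = 4 + 4 * (n - 1) + 4 * n
    out = {}
    for i, t in enumerate(tags):
        end = start + offsets[i + 1] if i + 1 < n else len(data)
        out[t] = data[start + offsets[i]:end]
    return out


def build_request(nonce: bytes) -> bytes:
    """NONC plus enough PAD to reach 1024 bytes."""
    if len(nonce) != 64:
        raise ValueError("nonce must be 64 bytes")
    unpadded = encode({TAG_NONC: nonce, TAG_PAD: b""})
    return encode({TAG_NONC: nonce, TAG_PAD: b"\x00" * (MIN_REQUEST_SIZE - len(unpadded))})


def leaf_hash(nonce: bytes) -> bytes:
    return hashlib.sha512(b"\x00" + nonce).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha512(b"\x01" + left + right).digest()


def merkle_root(nonce: bytes, index: int, path: bytes) -> bytes:
    """Recompute the batch root from our leaf: bit i of INDX says whether, at level i,
    our node is the right child (1) or the left child (0) of the sibling in PATH."""
    if len(path) % 64:
        raise ValueError("PATH must be a sequence of 64-byte SHA-512 digests")
    h = leaf_hash(nonce)
    for level in range(len(path) // 64):
        sibling = path[64 * level:64 * level + 64]
        h = node_hash(sibling, h) if (index >> level) & 1 else node_hash(h, sibling)
    return h


def response_commits_to(nonce: bytes, response: bytes) -> bool:
    """True iff the server's signed section (SREP) commits to our nonce via INDX/PATH."""
    r = decode(response)
    srep = decode(r[TAG_SREP])
    (index,) = struct.unpack("<I", r[TAG_INDX])
    return merkle_root(nonce, index, r[TAG_PATH]) == srep[TAG_ROOT]


def check_response(nonce: bytes, response: bytes) -> dict:
    """Reject replies that do not answer our nonce, then return the signed time."""
    if not response_commits_to(nonce, response):
        raise ValueError("ROOT does not commit to our nonce: reply is not for this request")
    srep = decode(decode(response)[TAG_SREP])
    (midpoint_us,) = struct.unpack("<Q", srep[TAG_MIDP])   # microseconds since the epoch
    (radius_us,) = struct.unpack("<I", srep[TAG_RADI])     # server's claimed uncertainty
    return {"midpoint_us": midpoint_us, "radius_us": radius_us}


def constructed_response(our_nonce: bytes, other_nonce: bytes, midpoint_us: int, radius_us: int) -> bytes:
    """Constructed server reply for a batch of two requests with ours at index 1 (right leaf).
    A real reply also carries SIG and CERT, omitted here."""
    root = node_hash(leaf_hash(other_nonce), leaf_hash(our_nonce))
    srep = encode({TAG_ROOT: root, TAG_MIDP: struct.pack("<Q", midpoint_us),
                   TAG_RADI: struct.pack("<I", radius_us)})
    return encode({TAG_SREP: srep, TAG_INDX: struct.pack("<I", 1), TAG_PATH: leaf_hash(other_nonce)})


if __name__ == "__main__":
    nonce = os.urandom(64)
    reply = constructed_response(nonce, os.urandom(64), 1_537_574_400_000_000, 1_000_000)
    print(len(build_request(nonce)), "byte request;", check_response(nonce, reply))
```

The commitment check is what makes a replayed or pre-computed reply useless to an attacker: without the client's nonce in the tree, no amount of valid signature helps. In a real client the signature verification runs before this check, and clocks from several independent servers are compared, which is the "chaining" property Roughtime is designed for.
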
Games: The Gardens Between and More to Come From Feral Interactive

  • The beautiful puzzle adventure 'The Gardens Between' is now out with native Linux support
    The Gardens Between from The Voxel Agents looks like a fantastic puzzle adventure and it's now available with native Linux support.
  • Feral Interactive are teasing ANOTHER new Linux port
    As a reminder, Feral Interactive have only recently released Life is Strange: Before the Storm and Total War: Warhammer II is confirmed to be coming this autumn. On top of that, last month they also put up another teaser that we're still guessing. I wouldn't be surprised if they do try to get more ports out earlier now, especially with Steam Play which would eat into their Linux port sales. Anyway…looks like 2018 really will be another great year for Linux gaming! The amount of Linux games Feral has ported now is kind of ridiculous: XCOM, XCOM 2, Tomb Raider, Rise of the Tomb Raider, Mad Max, Shadow of Mordor, HITMAN, F1 2017, Life is Strange, Life is Strange: Before the Storm, Dawn of War II, Dawn of War III, DiRT Rally and the list goes on.

FOSS Project Spotlight: Nitrux, a Linux Distribution with a Focus on AppImages and Atomic Upgrades

Nitrux is a Linux distribution with a focus on portable application formats like AppImages. Nitrux uses KDE Plasma 5 and KDE Applications, and it also uses our in-house software suite Nomad Desktop.