Language Selection

English French German Italian Portuguese Spanish

Security: DNS, Windows, Kaspersky and Lethal USB

Filed under
Security
  • The wave of domain hijackings besetting the Internet is worse than we thought

    The report was published Wednesday by Cisco’s Talos security group. It indicates that three weeks ago, the highjacking campaign targeted the domain of Sweden-based consulting firm Cafax. Cafax’s only listed consultant is Lars-Johan Liman, who is a senior systems specialist at Netnod, a Swedish DNS provider. Netnod is also the operator of i.root, one of the Internet’s foundational 13 DNS root servers. Liman is listed as being responsible for the i-root. As KrebsOnSecurity reported previously, Netnod domains were hijacked in December and January in a campaign aimed at capturing credentials. The Cisco report assessed with high confidence that Cafax was targeted in an attempt to re-establish access to Netnod infrastructure.

  • New Windows Zero-Day Vulnerability Grants Hackers Full Control Over PCs [Ed: The NSA already had these permissions. Now everyone has these.]

    According to the latest Kaspersky Lab Report, a Windows Zero-Day vulnerability is serving as a backdoor for hackers to take control of users’ PCs.

    The latest exploit utilizes a use-after-free attack and has a technical name CVE-2019-0895. The exploit is found in win32k.sys and grants hackers Local Privilege meaning they’re able to access resources usually outside of users’ capabilities.

  • New zero-day vulnerability CVE-2019-0859 in win32k.sys
  • AP Exclusive: Mysterious operative haunted Kaspersky critics

    He also asked Giles to repeat himself or speak louder so persistently that Giles said he began wondering “whether I should be speaking into his tie or his briefcase or wherever the microphone was.”

    “He was drilling down hard on whether there had been any ulterior motives behind negative media commentary on Kaspersky,” said Giles, a Russia specialist with London’s Chatham House thinktank who often has urged caution about Kaspersky’s alleged Kremlin connections. “The angle he wanted to push was that individuals — like me — who had been quoted in the media had been induced by or motivated to do so by Kaspersky’s competitors.”

  • Feds: Saint Rose grad used 'killer' device to fry computers

    In 2016, College of Saint Rose graduate assistant Vishwanath Akuthota said he believed there was a "lot of opportunity" for him at the school.

    On Monday, federal prosecutors said he took advantage of a different kind of opportunity — access to campus — when he destroyed dozens of computers at a cost of more than $50,000.

  • Student Uses “USB Killer” To Fry $58,000 Worth of Computers

Cisco: These are the flaws DNS hijackers...

  • Cisco: These are the flaws DNS hijackers are using in their attacks

    Cisco has warned that state-backed hackers are attempting to manipulate domain name systems (DNS) by using a combination of spear phishing and a number of known software flaws.

    "DNS is a foundational technology supporting the internet. Manipulating that system has the potential to undermine the trust users have on the internet. That trust and the stability of the DNS system as a whole drives the global economy. Responsible nations should avoid targeting this system," the Cisco Talos researchers said.

Sea Turtle' Campaign

  • 'Sea Turtle' Campaign Focuses on DNS Hijacking to Compromise Targets

    For at least two years, a highly capable threat actor has been running a campaign that relied on DNS hijacking to reach their targets. In the operation, at least 40 public and private organizations in 13 countries have been compromised.

    The domain name system (DNS) is the service that allows us to access websites by typing domain names instead of IP addresses in a browser's address bar. It translates the names into the numerical destination of the server hosting the web page we want to load.

    Access to DNS records enables an attacker to replace the addresses of a target's name servers so that they point to their own infrastructure. Once in control of the name servers responsible for handling requests for IP addresses associated with web domains, the threat actor can direct victims to content on malicious servers.

State-sponsored actor targets Mideast, North Africa using DNS

  • State-sponsored actor targets Mideast, North Africa using DNS hijacking

    A new cyber threat campaign that is claimed to be targeting public and private entities, including national security organisations in the Middle East and North Africa, has been discovered by Cisco's Talos Intelligence Group.

    Researchers Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres said in a detailed blog post that the campaign, which they had christened Sea Turtle, had kicked off probably in January 2017 and was continuing.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux 5.2-rc2

Hey, what's to say? Fairly normal rc2, no real highlights - I think most of the diff is the SPDX updates. Who am I kidding? The highlight of the week was clearly Finland winning the ice hockey world championships. So once you sober up from the celebration, go test, Linus Read more Also: Linux 5.2-rc2 Kernel Released As The "Golden Lions"

Audiocasts/Shows: Linux Action News, Linux Gaming News Punch, Open Source Security Podcast and GNU World Order

Review: Red Hat Enterprise Linux 8.0

My experiment with RHEL 8 got off to a rough start. Going through the on-line registration process produced some errors and ended up with me getting the wrong ISO which, in turn, resulted in some confusion and delays in getting the distribution installed. Things then began to look up as RHEL 8 did a good job of detecting my system's hardware, registered itself without incident and offered good performance on physical hardware. I was particularly pleased that the distribution appears to detect whether our video card will work well with Wayland and either displays or hides Wayland sessions in response. I did have some trouble with the GNOME Classic Wayland session and GNOME Shell on X.Org was a bit sluggish. However, the Classic session on X.Org and GNOME Shell on Wayland both worked very well. In short, it's worthwhile to explore each of the four desktop options to see what works best for the individual. The big issues I ran into with RHEL were with regards to software management. Both GNOME Software and the Cockpit screen for managing applications failed to work at all, whether run as root or a regular user. When using the command line dnf package manager, the utility failed to perform searches unless run with sudo and occasionally crashed. In a similar vein, the Bash feature that checks for matching packages when the user types a command name it doesn't recognize does not work and produces a lengthy error. There were some security features or design choices that I think will mostly appeal to enterprise users, but are less favourable in home or small office environments. Allowing remote root logins by default on the Workstation role rubs me the wrong way, though I realize it is often useful when setting up servers. The enforced complex passwords are similarly better suited to offices than home users. One feature which I think most people will enjoy is SELinux which offers an extra layer of security, thought I wish the Cockpit feature to toggle SELinux had worked to make trouble-shooting easier. I was not surprised that RHEL avoids shipping some media codecs. The company has always been cautious in this regard. I had hoped that trying to find and install the codecs would have provided links to purchase the add-ons or connect us with a Red Hat-supplied repository. Instead we are redirected through a chain of Fedora documentation until we come to a third-party website which currently does not offer the desired packages. Ultimately, while RHEL does some things well, such as hardware support, desktop performance, and providing stable (if conservative) versions of applications, I found my trial highly frustrating. Many features simply do not work, or crash, or use a lot of resources, or need to be worked around to make RHEL function as a workstation distribution. Some people may correctly point out RHEL is mostly targeting servers rather than workstations, but there too there are a number of problems. Performance and stability are provided, but the issues I ran into with Cockpit, permission concerns, and command line package management are all hurdles for me when trying to run RHEL in a server role. I find myself looking forward to the launch of CentOS 8 (which will probably arrive later this year), as CentOS 8 uses the same source code as RHEL, but is not tied to the same subscription model and package repositories. I am curious to see how much of a practical effect this has on the free, community version of the same software. Read more

GNOME 3.34 Revamps the Wallpaper Picker (And Fixes a Longstanding Issue Too)

The upcoming release of GNOME 3.34 will finally solve a long standing deficiency in the desktop’s background wallpaper management. Now, I’ve written about various quirks in GNOME wallpaper handling before, but it’s the lack of option to pick a random wallpaper from a random directory via the Settings > Background panel that is, by far, my biggest bug bear. Ubuntu 19.04 ships with GNOME 3.32. Here, the only wallpapers available to select via the Settings > Background section are those the system ships with and any top-level images placed in ~/Pictures — nothing else is selectable. So, to set a random image as a wallpaper in GNOME 3.32 I tend to ignore the background settings panel altogether and instead use the image viewer’s File > Set as background… option (or the similar Nautilus right-click setting). Thankfully, not for much longer! Read more