Security: SSH Honey Keys and Chaos of Microsoft/NSA

Submitted by Roy Schestowitz on Wednesday 8th of May 2019 09:47:23 AM. Filed under: Security
  • SSH Honey Keys

    The thought behind honey keys is similar to Honeywords, a concept published a while ago to help identify attempts to use data collected in breaches to gain unauthorized access to a user account. In our case, the attacker attempts to authenticate with the honey key, the action is logged (or another action chosen by the defender) and an alarm is sounded for use of the key.

  • Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

    One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.

    On Monday, security firm Symantec reported that two of those advanced [attack] tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat [attack] group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.

  • Turla LightNeuron: An email too far

    Recently, ESET researchers have investigated a sophisticated backdoor used by the infamous espionage group Turla, also known as Snake. This backdoor, dubbed LightNeuron, has been specifically targeting Microsoft Exchange mail servers since at least 2014. Although no samples were available for analysis, code artefacts in the Windows version lead us to believe that a Linux variant exists.

  • Researchers discover highly stealthy Microsoft Exchange backdoor

    Aside from the Transport Agent, which is dropped in the Exchange folder located in the Program Files folder and registered in the mail server’s configuration, the backdoor also uses a DLL file containing most of the malicious functions needed by the Transport Agent.

    As mentioned before, the backdoor can block emails, modify their body, recipient and subject, create a new email, replace attachments, and re-create and re-send the email from the Exchange server to bypass the spam filter.

    It can create email and attachment logs, encrypt emails and store them, and parse JPG/PDF attachments and decrypt and execute the commands found in them.

    LightNeuron can also be instructed to write and execute files, delete and exfiltrate them, execute processes, disable itself, perform extensive logging (backdoor actions, debug, error, etc.) and perform automatic file exfiltration at a particular time of the day and night.

  • Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server

    "It's not really a vulnerability. They are using legitimate functionality [of Exchange]," he says.

    Microsoft was not available for comment at the time of this posting.

  • New backdoor targets Microsoft Exchange mail servers

    The malware was able to use the transport agent to read and modify every email passing through the server, compose and send emails, and block any email.

    ESET said LightNeuron used steganography to hide its commands inside a PDF document or a JPG image.
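As an added example for the honey-key idea in the first item above (this is not code from the linked post or from any project mentioned on this page), here is a small defender-side detector: it scans sshd auth-log lines for the fingerprints of deliberately planted honey keys and raises an alert whenever one is used. The host name, IP addresses, log lines and fingerprints are constructed for the example. It assumes OpenSSH's auth-log format and that sshd runs with `LogLevel VERBOSE`, which makes it log the fingerprint of rejected keys as well as accepted ones.

```python
import re

# Fingerprints of the keys we planted as bait. Constructed placeholder value;
# a real deployment loads these from its inventory of seeded honey keys.
HONEY_KEY_FINGERPRINTS = {
    "SHA256:hOnEyKeYpLaCeHoLdEr0000000000000000000000000",
}

# OpenSSH "Accepted/Failed publickey" auth-log lines. The fingerprint on
# "Failed" lines is only written when sshd runs with LogLevel VERBOSE.
SSHD_PUBKEY_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<outcome>Accepted|Failed) publickey for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2: "
    r"(?P<keytype>\S+) (?P<fingerprint>SHA256:\S+)"
)

# Constructed sample log: one legitimate login, one probe with the honey key
# that is rejected, the same key accepted on retry, and an unrelated failure.
SAMPLE_AUTH_LOG = [
    "May  8 09:47:23 bastion sshd[2041]: Accepted publickey for deploy from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:LeGiTkEy0000000000000000000000000000000000000",
    "May  8 09:48:10 bastion sshd[2050]: Failed publickey for deploy from 198.51.100.7 port 40022 ssh2: RSA SHA256:hOnEyKeYpLaCeHoLdEr0000000000000000000000000",
    "May  8 09:48:12 bastion sshd[2050]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2: RSA SHA256:hOnEyKeYpLaCeHoLdEr0000000000000000000000000",
    "May  8 09:49:00 bastion sshd[2061]: Failed password for invalid user admin from 198.51.100.9 port 4444 ssh2",
]


def parse_pubkey_event(line):
    """Return a dict describing a public-key auth event, or None for other lines."""
    m = SSHD_PUBKEY_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    ev["port"] = int(ev["port"])
    # Classic syslog timestamp is the first 15 characters ("May  8 09:47:23").
    ev["timestamp"] = line[:15]
    return ev


def find_honey_key_use(lines, honey_fingerprints=HONEY_KEY_FINGERPRINTS):
    """Scan auth-log lines and return one alert per use of a honey key.

    Both rejected and accepted attempts are reported: the key being presented
    at all is the signal, whatever sshd decided about it.
    """
    alerts = []
    for line in lines:
        ev = parse_pubkey_event(line)
        if ev is None or ev["fingerprint"] not in honey_fingerprints:
            continue
        alerts.append({
            "timestamp": ev["timestamp"],
            "severity": "high",
            "outcome": ev["outcome"],
            "user": ev["user"],
            "ip": ev["ip"],
            "port": ev["port"],
            "fingerprint": ev["fingerprint"],
            "message": (
                f"honey key {ev['fingerprint']} used for {ev['user']} "
                f"from {ev['ip']} ({ev['outcome'].lower()})"
            ),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_honey_key_use(SAMPLE_AUTH_LOG):
        print(alert["timestamp"], alert["message"])
```

Whether the honey key's public half is installed in an `authorized_keys` file (so use of it succeeds into a monitored account) or not (so it only ever shows up as a `Failed publickey` line) is the defender's choice, as the excerpt notes; the detector above fires in either case because it keys on the fingerprint, not on the outcome.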

