Security Leftovers

Filed under
Security
  • Millions of machines affected by command execution flaw in Exim mail server

    The flaw, which dates back to version 4.87 released in April 2016, is trivially exploitable by local users with a low-privileged account on a vulnerable system running with default settings. All that's required is for the person to send an email to "${run{...}}@localhost," where "localhost" is an existing local domain on a vulnerable Exim installation. With that, attackers can execute commands of their choice that run with root privileges.

  • Fortune 500 firm Tech Data leaks 264GB of data online

    Security researchers from virtual private network firm vpnMentor have found an unsecured server belonging to American multinational tech vendor Tech Data online, containing 264GB of data about its client servers, invoices, SAP integrations and plaintext passwords.

  • Android malware once found a way onto phones before they even shipped

    Today, Google posted what amounts to a case study of some very persistent and clever hackers who kept trying to get malware on Android phones. It’s about the “Triada family” of apps designed to put spam and ads on a device. After a brief history of how it started in 2016 and an overview of how early versions worked, Google got to the surprising turn in the story: Triada devised a method to get malware on Android phones virtually at the factory, before customers had even opened the box or even installed a single app.

  • Google details Triada malware – three years after it was reported!

    Three years after it was first reported by Russian security firm Kaspersky (formerly Kaspersky Lab), Google has suddenly decided to confirm a report that the firmware updates of some Android devices were compromised through their supply chain so that they could be infected with malware.
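    The Exim item above describes the trigger: a recipient whose local part carries Exim string-expansion syntax, with the `${run{...}}` item executing a command. Legitimate mailbox names never contain `${`, so a mail gateway or log pipeline can flag such recipients before they reach a vulnerable MTA. The following checker is an added example written for this page; it is not code from the article or from the Exim project. The SMTP transcript lines are constructed for illustration, and the `${run{...}}` sample keeps the article's elision rather than spelling out a payload.

```python
"""Flag SMTP recipients whose local part contains Exim string-expansion
syntax (the "${run{...}}@localhost" pattern).  Added example; the SMTP
transcript below is constructed and the host names are assumptions."""
import re
from typing import List, NamedTuple, Tuple

# RCPT TO:<path> as the client sends it.  Optional ESMTP parameters may
# follow the closing angle bracket, so only the bracketed path is captured.
RCPT_RE = re.compile(r"^\s*RCPT TO:\s*<(?P<path>[^>]*)>", re.IGNORECASE)

# Any Exim expansion is introduced by "${".  "${run{" is the item that
# spawns a command, so it is reported separately from other expansions.
EXPANSION_RE = re.compile(r"\$\{")
RUN_RE = re.compile(r"\$\{\s*run\s*\{", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int
    recipient: str
    local_part: str
    executes_command: bool


def split_address(path: str) -> Tuple[str, str]:
    """Split on the LAST '@' so that an '@' inside a crafted local part
    cannot hide the expansion from the check."""
    if "@" not in path:
        return path, ""
    local, _, domain = path.rpartition("@")
    return local, domain


def scan_transcript(lines: List[str]) -> List[Finding]:
    """Return one Finding per RCPT TO whose local part holds "${"."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        m = RCPT_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        local, _domain = split_address(path)
        if EXPANSION_RE.search(local):
            findings.append(
                Finding(n, path, local, bool(RUN_RE.search(local)))
            )
    return findings


# Constructed SMTP client transcript (not captured traffic).
SAMPLE_TRANSCRIPT = [
    "EHLO client.example",
    "MAIL FROM:<nobody@client.example>",
    "RCPT TO:<alice@localhost>",                      # benign mailbox
    "RCPT TO:<${run{...}}@localhost>",                 # command execution item
    "RCPT TO:<${substr{0}{1}{abc}}@localhost>",        # expansion, no command
    "RCPT TO:<bob+tag@localhost> NOTIFY=FAILURE",      # benign, with parameter
    "DATA",
]


def main() -> None:
    for f in scan_transcript(SAMPLE_TRANSCRIPT):
        kind = "COMMAND EXECUTION" if f.executes_command else "expansion"
        print(f"line {f.line_no}: {kind} in local part {f.local_part!r} "
              f"(recipient {f.recipient!r})")


if __name__ == "__main__":
    main()
```

The check is deliberately keyed on `${` rather than on `run` alone, because other expansion items also have no business in a mailbox name; the `executes_command` flag just tells the responder which hits deserve immediate attention.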

More in Tux Machines

Devices With Linux Support

  • Quest Releases KACE SDA & SMA Updates

    The update to 7.0 for KACE Systems Deployment Appliance is primarily about bringing a scope of endpoint management capabilities with new support for Linux devices to the table.

  • Rugged, Kaby Lake transport computer has a 10-port LAN switch with PoE

    Axiomtek’s Linux-ready “tBOX400-510-FL” transportation system has a 7th Gen Intel CPU and a 10-port managed switch with 8x M12-style 10/100Mbps PoE and 2x GbE ports. The rugged system also has 3x mini-PCIe slots and dual swappable SATA drives. Axiomtek has launched a fanless, Kaby Lake-U based transportation computer with a choice of power supplies designed for in-vehicle, marine, or railway applications. The rugged tBOX400-510-FL features a Qualcomm-driven, Layer 2 managed PoE switch with support for IP surveillance and video management applications. “Customers can connect IP cameras directly without installing an extra PoE switch, minimizing overall deployment costs and installation space onboard,” stated Axiomtek product manager Sharon Huang.

Software: Open Build Service (OBS) and Spotify 'App'

  • Introducing Open Build Service, Version 2.10

    We are pleased to announce the availability of Open Build Service (OBS) version 2.10! After more than one year of development, this new version of OBS brings a revamped web user interface, improved support for shipping your software in containers and integrating your package builds with source code management systems like GitLab and Pagure.

  • Spotify’s Snap App Was Outdated, But Now It Isn’t

    I’ll be honest: when Spotify arrived on the Snap store I thought: “hurrah”. Hurrah for an easier way to install the music streaming client (no need to futz around adding the Spotify repository like in the past) and hurrah for automatic background updates that ensure I’m always running the latest release. At least, that was the theory. Alas, the official Spotify for Linux Snap package has not been updated since April of this year. “Oh,” I thought, “I guess there hasn’t been an update to the Spotify Linux desktop client since then!” But there has — several updates, in fact!

KDE: Sponsorship, GSoC and KDE Connect

  • Couture Becomes a KDE Patron

    enioka Haute Couture is a software development house that creates complete and tailor-made solutions. enioka strives to return ownership of the software development and innovation to its customers. To that effect, it co-creates the software with its customers' teams to allow them to retain control of their projects in complex systems or organizations. "We are excited to welcome enioka Haute Couture as a Patron of KDE. They truly understand what it means to empower people when creating software; something KDE cares deeply about", said Lydia Pintscher, President of KDE e.V.

  • GSoC Milestone Update 1.1

    The second part of Milestone 1 for my Google Summer of Code 2019’s project porting KDE Connect to Windows involves enabling the SFTP plugin that ships in the Linux build. The plugin allows you to navigate through your mobile device’s files (like you do with a file manager) ON YOUR DESKTOP! It makes use of sshfs to allow mounting the remote file system on your desktop. After that, you can use any file manager you like; heck, you can even use your terminal to have a walk through your mobile’s files. Once that is done, you can do literally anything with the mobile device’s files as you would do with the local filesystem: move files, copy them to your desktop machine, delete them, rename, anything!

  • KDE Connect sprint 2019

    From Friday the 19th to Sunday the 21st, we had the KDE Connect sprint. It's always a nice opportunity to meet the others working on KDE Connect, since we usually only talk to each other online.

  • KDE Connect is Being Ported to Windows 10

    Google Summer of Code 2019 is proving to be a bumper one for KDE Connect, the open source Android-to-PC integration suite. Last week we reported on the progress made by a GSoC student on KDE Connect for Mac. This week we bring word on a new KDE Connect Windows port. “Wait, isn’t KDE Connect already available for Windows?”, you might (rightly) ask — and the answer is yes, kind of!

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red Hat (java-1.8.0-openjdk, java-11-openjdk, rh-maven35-jackson-databind, rh-nodejs8-nodejs, and rh-redis5-redis), Slackware (kernel), and SUSE (ucode-intel).

  • VLC Player hit by buffer overflow vulnerability

    A security researcher has warned of a serious vulnerability in VideoLAN's VLC Player (VLC), a popular media playback tool, for which no patch is yet available.

  • Critical flaw in VLC Player affects Linux, Windows and UNIX apps

    German security agency CERT-Bund has uncovered a critical flaw in VLC Media Player that could enable hackers to access and modify data on devices.