Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Securing The Nation With Insecure Databases: CBP Vendor Hacked, Exposing Thousands Of License Plate, Car Passenger Photos

    US Customs and Border Protection has suffered an inevitability in the data collection business. The breach was first reported by the Washington Post. It first appeared to affect the DHS's airport facial recognition system, but further details revealed it was actually a border crossing database that was compromised.

    The breach involved photos of travelers and their vehicles, which shows the CPB is linking people to vehicles with this database, most likely to make it easier to tie the two together with the billions of records ICE has access to through Vigilant's ALPR database.

    The breach involved a contractor not following the rules of its agreement with the CBP. According to the vendor agreement, all harvested data was supposed to remain on the government's servers. This breach targeted the vendor, which means the contractor had exfiltrated photos and plate images it was specifically forbidden from moving to its own servers.

  • PHP version 7.2.20RC1 and 7.3.7RC1
  • The GoldBrute botnet is trying to crack open 1.5 million RDP servers

    The latest round of bad news emerged last week when Morphus Labs’ researcher Renato Marinho announced the discovery of an aggressive brute force campaign against 1.5 million RDP servers by a botnet called ‘GoldBrute’.

  • New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide

    The campaign, discovered by Renato Marinho at Morphus Labs, works as shown in the illustrated image, and its modus operandi has been explained in the following steps: [...]

  • 32 bit is dead - Long live 32 bit

    This is another follow-up post on the Intel processor vulnerabilities. Yay. With more bad news. Yay!

    Instead of a long build-up, I will just give you the point: 32 bit is broken

    Well, is that really news? Not really. The real news is that Intel processors are broken - but you already know that. You also know that there are fixes around. Patches for the kernel. Disabling Intel(R) Hyper-Threading.

More in Tux Machines

DebConf19 invites you to Debian Open Day at the Federal University of Technology - Paraná (UTFPR), in Curitiba

DebConf, the annual conference for Debian contributors and users interested in improving the Debian operating system, will be held in Federal University of Technology - Paraná (UTFPR) in Curitiba, Brazil, from July 21 to 28, 2019. The conference is preceded by DebCamp from July 14 to 19, and the DebConf19 Open Day on July 20. The Open Day, Saturday, 20 July, is targeted at the general public. Events of interest to a wider audience will be offered, ranging from topics specific to Debian to the greater Free Software community and maker movement. The event is a perfect opportunity for interested users to meet the Debian community, for Debian to broaden its community, and for the DebConf sponsors to increase their visibility. Less purely technical than the main conference schedule, the events on Open Day will cover a large range of topics from social and cultural issues to workshops and introductions to Debian. Read more

Sparky Linux 5.8

Today we are looking at Sparky Linux 5.8. This point release of Sparky 5 comes with LXQt 0.14.1, Debian Buster, Linux Kernel 4.19 and uses about 350MB of ram when idling. Sparky Linux LXQt has become one of my favorites, as it has a modern feeling, with the latest of Qt and the stability of Debian, makes it one great combination. Enjoy! Read more Direct/video: Sparky Linux 5.8 Run Through Under an hour ago:

  • What?s next Sparky?

    As before, after releasing a new stable version of Sparky, there are a few changes to do. So… Sparky 4 “Tyche” is moved to oldstable line now. The latest 4.11 release is the last one of the 4 line, but it is still supported, the next 2 years about. Sparky 5 “Nibiru” just released, moving it from testing to stable line. The stable live/install media are available for i686, amd64 & armhf archs (the same as the older release).

Android Leftovers

Fedora and IBM/Red Hat: Network Security Toolkit (NST), Fedora CoreOS and Openwashing at OSCON

  • Network Security Toolkit (NST) 30 SVN 11210, which is Based on Fedora 30

    Network Security Toolkit (NST) is a Linux-based live operating system that provides a set of free and open-source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. It is based on Fedora and NST has included comprehensive set of Open Source Network Security Tools, which is published in sectools.org website. It is offering an advanced Web User Interface (GUI) for system/network administrator, which allows them to configure many network and security applications. NST Team is pleased to announce the latest NST release of “NST 30 SVN:11210” on 1th July 2019.

  • Fedora announces the first preview release of Fedora CoreOS as an automatically updating Linux OS for containerized workloads

    Three days ago, Fedora announced the first preview release of the open-source project Fedora CoreOS as a secure and reliable host for computer clusters. It is specifically designed for running containerized workloads with automatic updates to the latest OS improvements, bug fixes, and security updates. It is secure, minimal, monolithic and is optimized for working with Kubernetes. The main goal of Fedora CoreOS is to be a reliable container host to run containerized workloads securely and at scale. It integrates Ignition from Container Linux technology and rpm-ostree and SELinux hardening from Project Atomic Host. Fedora CoreOS is expected to be a successor to Container Linux eventually. The Container Linux project will continue to be supported throughout 2019, leaving users with ample time to migrate and provide feedback. Fedora has also assured Container Linux users that continued support will be provided to them without any disruption. Fedora CoreOS will also become the successor to Fedora Atomic Host. The current plan is for Fedora Atomic Host to have at least a 29 version and 6 months of lifecycle.

  • IBM helps developers use open source and machine learning

    As artificial intelligence and machine learning become more widespread, it's essential that developers have access to the latest models and data sets. Today at the OSCON 2019 open source developer conference, IBM is announcing the launch of two new projects for developers.