Security: Updates, Holes, FUD and Primers
-
Security updates for Friday
-
Critical Firefox vulnerability fixed in 67.0.3
-
NASA Lab Hacked Using A $25 Raspberry Pi Computer
Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This has been proved by a recent report which confirmed that a NASA lab was hacked using a Raspberry Pi.
The breach occurred in April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was stolen.
[...]
Apparently, the system administrators did not consistently update the inventory system while adding new devices to the network.
-
DragonFlyBSD 5.6.1 Released To Fix TTM & OpenSSH Problems
There are two primary and separate bug fixes in DragonFlyBSD 5.6.1 around OpenSSH and TTM. The OpenSSH issue is a SSHD configuration issue for the SSH daemon. The TTM bug is a lockup issue that could come about when using the Radeon DRM graphics driver with this Radeon/TTM code ported over to DragonFlyBSD from the Linux kernel.
That's it for DragonFlyBSD 5.6.1, which is on top of the many great additions in version 5.6 like HAMMER2 by default, a VM rework / performance improvements, and other enhancements.
-
Google Accidentally Releases July 2019 Pixel Update In June
Some owners of Pixel 3A and 3A XL devices had a happy, or rather surprising, moment when they realized that Google goofed-up badly.
As posted on Reddit, Google accidentally released a build of the monthly security update meant for July 2019. It is 79.8MB in size and comes with a label that says “CONFIDENTIAL INTERNAL ONLY.” This clearly means it’s an internal build and not meant for public release.
-
100 Million Dell [Microsoft Windows-laden] PCs At Risk Due To Criticial Bug In ‘SupportAssist’ Software
The SupportAssist software comes pre-loaded on most Dell laptops and desktops. It’s used to check for different hardware and software issues that could arise over the course of time on Dell machines. For example, it can be used to test whether the battery is in a healthy condition or not.
Unfortunately, the innocent-looking SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10. The vulnerability was discovered by security firm SafeBreach Labs, the firm told Fossbytes in an email.
-
Bird Miner: This Cryptominer Malware Emulates Linux To Attack Macs [Ed: Attributing dumb people installing malicious files on their disk to "Linux".]
One of the biggest disadvantages of using pirated software is the increased risk of letting your computer get infected with malware. Cybercriminals often bundle the cracked versions of paid software on piracy websites with adware and cryptominer to earn free cash. So, if you’re installing such programs from unknown sources, the chances of you getting hacked are pretty good.
The same attack vector is being used by hackers to distribute a new Mac cryptocurrency miner named Bird Miner. As Malwarebytes’ official blog explains, Bird Miner has been found to be bundled with a cracked installer of a software named Ableton Live, which is a tool for high-end music production.
-
New Mac cryptominer Malwarebytes detects as Bird Miner runs by emulating Linux
A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.
-
Understanding Public Key Infrastructure and X.509 Certificates
Public Key Infrastructure (PKI) provides a framework of encryption and data communications standards used to secure communications over public networks. At the heart of PKI is a trust built among clients, servers and certificate authorities (CAs). This trust is established and propagated through the generation, exchange and verification of certificates.
This article focuses on understanding the certificates used to establish trust between clients and servers. These certificates are the most visible part of the PKI (especially when things break!), so understanding them will help to make sense of—and correct—many common errors.
As a brief introduction, imagine you want to connect to your bank to schedule a bill payment, but you want to ensure that your communication is secure. "Secure" in this context means not only that the content remains confidential, but also that the server with which you're communicating actually belongs to your bank.
- Login or register to post comments
- Printer-friendly version
- 2258 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago