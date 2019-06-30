Language Selection

Security Leftovers

Submitted by Roy Schestowitz on Tuesday 2nd of July 2019 07:41:31 PM Filed under
Security
  • Ransomware Hits Georgia Courts As Municipal Attacks Spread [iophk: "Windows TCO"]

    "There’s definitely an increase or uptick in the amount of ransomware campaigns that we’re seeing out there, but it’s not specific to municipalities or state or federal organizations, it’s just pretty much across the board in every industry vertical," says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec. "We’re working seven consecutive ransomware attacks right now—a couple of manufacturing, a couple of credit unions, and one local type of government incident."

  • Singapore Government Announces Third Bug Bounty Program

    The latest bug bounty program, similar to the previous two, will be hosted by HackerOne. The project is conducted in collaboration with the Cyber Security Agency of Singapore (CSA) and the Government Technology Agency of Singapore (GovTech).

    HackerOne will invite approximately 200 international hackers and 100 local hackers to take part in the challenge, which offers payouts between $250 and $10,000 per vulnerability report. The program will run from July to August and results will be announced in September.

  • US officials are talking about banning end-to-end encryption again

    A source believed to have been in attendance said, "The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation," adding that the importance of the matter was reflected by the attendance of a group of Number 2s (from different stakeholder agencies, it's not a scatological reference).

    The problem for end users doesn't end with the NSA getting a better foothold on your WhatsApp chats because whilst it'll be easier for law enforcement and security agencies to see if you're up to no good, relaxing encryption also opens up a much wider foothold for [attackers] and cybercriminals to abuse the services too. And that's not to mention that if friendly intelligence can access your data, then foreign spies and snoopers can as well - it's all or nothing.

  • Exploit Using Microsoft Excel Power Query for Remote DDE Execution Discovered

    The Mimecast Threat Center team reached out to the Microsoft Security Response Center (MRSC) with our information and a working proof of concept. MRSC opened a case but Microsoft decided not to fix this behavior, and their response included a workaround by either using a Group Policy to block external data connections or use the Office Trust center to achieve the same. MRSC accepted our request to publish this research per the CVD policy.

  • How [Attackers] Turn Microsoft Excel's Own Features Against It [iophk: fails to mention improved options like LibreOffice and Calligra]

    On Thursday, researchers from threat intelligence firm Mimecast are disclosing findings that an Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks. Power Query allows users to combine data from various sources with a spreadsheet—like a database, second spreadsheet, document, or website. This mechanism for linking out to another component, though, can also be abused to link to a malicious webpage that contains malware. In this way, attackers can distribute tainted Excel spreadsheets that wreak havoc, from granting attackers system privileges to installing backdoors.

    "Attackers don’t need to invest in a very sophisticated attack—they can just open up Microsoft Excel and use its own tools," says Meni Farjon, Mimecast's chief scientist. "And you have basically 100 percent reliability. The exploit will work in all the versions of Excel as well as new versions, and will probably work across all operating systems, programming languages, and sub-versions, because it's based on a legitimate feature. That makes it very viable for attackers."

  • Cyber warfare is here

    Cybereason said they weren’t going to name the affected providers, but said many were sizable, and that it didn’t find evidence that North American providers had been infiltrated.

    The company also didn’t notify the targeted individuals.

    Cybereason thinks a [attack] this sophisticated is very likely the work of a nation-state.

Tiny, Linux-driven Cortex-A5 SBC supports FeatherWing add-ons

Groboards has launched an open-spec, Adafruit Feather-like “Giant Board” starting at $50. The 51 x 23mm SBC runs Linux on Microchip’s Cortex-A5-based SAMA5D SoC and can load more than 60 FeatherWing add-ons. In January, Groboards showed off a Giant Board SBC that adopts the Adafruit Feather form factor and supports FeatherWing add-on boards. Instead of the usual MCU, you get a beefier Cortex-A5-based Microchip SAMA5D27 SoC that runs Debian Linux. Now, the company has gone to Crowd Supply to sell the 51 x 23mm board starting at $50. Read more

Graphics: AMD, Canonical's Mir, NVIDIA and X.Org

  • AMD Radeon Pro WX 3200 Announced As A Small Form Factor $199 USD Workstation Card

    For those looking for a small form factor workstation-oriented graphics card or just a budget workstation GPU in general, AMD today announced the Radeon Pro WX 3200. This single-slot graphics card for $199 USD is based on AMD's Polaris architecture and not the newer Vega or Navi architecture. The WX 3200 has 10 compute units, 1.66 TFLOPS performance for compute, support for 4K/8K displays, and 4GB of GDDR5 video memory.

  • AMD "GFX8" Hardware Now Has Expanded DCC Support With RADV Vulkan Driver

    The latest work by Valve open-source Linux graphics driver contributor Samuel Pitoiset is on offering Delta Color Compression (DCC) support for layers with the Vulkan RADV driver. On top of the Delta Color Compression support already within RADV, this Mesa Radeon Vulkan driver now has DCC support for Vulkan layers.

  • Mir 1.3 Released With Wayland Improvements, New AL Features

    Mir 1.3 was released today as the newest version of Canonical's project making it easier to write desktop shells with Wayland support. Mir 1.3 has Wayland improvements around more eagerly sending buffer release events, more punctually executing work on the Wayland thread, and renaming of their zxdg_output_v1 protocol to zxdg_output_manager_v1.

  • NVIDIA 418.52.14 Linux Driver Brings Full-Screen Exclusive & Calibrated Timestamps

    The NVIDIA 418.52.14 Linux driver adds support for VK_EXT_calibrated_timestamps, VK_EXT_full_screen_exclusive, VK_EXT_shader_demote_to_helper_invocation, and VK_EXT_texel_buffer_alignment. The two later extensions are for new bits added with Vulkan 1.1.113 while the full-screen exclusive and calibrated timestamps are excited to finally see exposed in full by the NVIDIA Vulkan driver. VK_EXT_full_screen_exclusive has the potential of helping to improve performance by bypassing system composition (the compositor) during full-screen gaming, but of course does require games/engines to make use of this extension.

  • NVIDIA Announces GeForce RTX 2060 / 2070 / 2080 SUPER GPUs
  • It's A Last Call For Speakers At X.Org's XDC2019 Event

    The 2019 X.Org Developers Conference for "all-things open-source graphics" is coming up at the start of October. But if you've been wanting to talk about something related to the Linux kernel, Mesa, Wayland, or related components, this week is your last chance to apply.

Audio With DeaDBeeF, Demise of Apple's "Pod" Empire, New Podcast About Go

  • DeaDBeeF 1.8.1 Released! How to Install in Ubuntu 18.04 / Higher

    Deadbeef audio player 1.8.1 was released a few days ago with various bug-fixes and performance improvements for the 1.8 series.

  • Jony Ive ‘dispirited’ by Tim Cook’s lack of interest in product design: WSJ

    The WSJ report follows a similar piece published by Bloomberg last week. Both reports describe an Apple design team, led by Jony Ive, increasingly frustrated by his absence after the launch of the Apple Watch in 2015. They tell the story of a company that once put design at the forefront, progressively being led by operational concerns. Ive’s absence was “straining the cohesion central to product development,” according to the WSJ, causing several key design team members to leave Apple over the last few years.

  • Gabbing About Go | Coder Radio 364

    Mike and Wes burrow into the concurrent world of Go and debate where it makes sense and where it may not. Plus gradual typing for Ruby, a new solution for Python packaging, and the real story behind Jony Ive’s exit.

KDE: Installing KDE Neon, Usability/Productivity Sprint 2019 and Gcompris

  • The KDE ISO Image Writer is Coming to Windows

    Windows users will soon have another way to create a live, bootable USB drive of their fave Linux distribution. A KDE ISO writer tool for Windows desktops is being developed as part of the Google Summer of Code (GSoC). The app uses the same look and layout as the Linux version, which is available in the ‘development’ repos of the KDE Neon Linux distro. “KDE ISO Image Writer on Windows to allow people that want to install KDE Neon to easily write the ISO image onto a USB flash drive,” explains Farid Boudedja in a blog post update.

  • Usability & Productivity Sprint 2019

    I [partially, only 2 days out of the 7] attended the Usability & Productivity Sprint 2019 in Valencia two weekends ago. I was very happy to meet quite some new developer blood, which is something we had been struggling a bit to get lately, so we're starting to get on the right track again :) And I can only imagine it'll get better and better due to the "Onboarding" goal :) During the sprint we had an interesting discussion about how to get more people to know about usability, and the outcome is that probably we'll try to get some training to members of KDE to increase the knowledge of usability amongst us. Sounds like a good idea to me :)

  • Multiple Datasets: Tutorial

    This post is a step by step tutorial for adding multiple datasets to an activity in Gcompris. The procedure of adding multiple datasets to an activity is fairly simple in Gcompris. The steps for it are given below. Note: In these steps we'll refer the activity in consideration as current_activity. Also we assume that we plan to add 3 datasets to current_activity.

