Date: 2020-01-22
Security and Digital Restrictions (DRM) Leftovers
Security updates for Thursday
Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).
The Common Pitfalls of Cloud Native Software Supply Chains
Daniel Shapira talks about some of the common security vulnerabilities found in cloud-native environments, and why it is important to take security measures immediately to protect instances in the cloud.
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available.
The bug (CVE-2020-0674), which is listed as critical in severity for IE 11 and moderate for IE 9 and IE 10, exists in the way that the jscript.dll scripting engine handles objects in memory in the browser, according to Microsoft’s advisory, issued Friday.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user – meaning that an adversary could gain the same user rights as the current user.
[Cracker] Leaks More Than 500K Telnet Credentials for IoT Devices
A [cracker] has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things (IoT) devices online on a popular [cracking] forum in what’s being touted as the biggest leak of Telnet passwords to date, according to a published report.
How to stop typosquatting attacks
Cybercriminals are turning to social engineering to try to trick unsuspecting people into divulging private information or valuable credentials. It is behind many phishing scams where the attacker poses as a reputable company or organization and uses it as a front to distribute a virus or other piece of malware.
One such risk is typosquatting, a form of social engineering attack that tries to lure users into visiting malicious sites with URLs that are common misspellings of legitimate sites. These sites can cause significant damage to the reputation of organizations that are victimized by these attackers and harm users who are tricked into entering sensitive details into fake sites. Both system administrators and users need to be aware of the risks and take steps to protect themselves.
Open source software, which is developed and tested by large groups in public repositories, is often lauded for its security benefits. However, when it comes to social engineering schemes and malware implantation, even open source tools can fall victim.
Sonos Will Stop Updating Older Speakers, Even Though 92% 'Still In Use'
Sonos will stop updating its older speakers and hardware in May, the company has announced.
Tale of Jailbreaking Disobedient IoT Appliances Shortlisted for the National Canada Reads Prize
In Unauthorized Bread, a novella by EFF Special Advisor Cory Doctorow published in his 2019 Tor Books collection Radicalized, a refugee named Salima leads a mass jailbreaking of the locked-down Internet of Things appliances in a subsidized housing unit in Boston. With this act, Salima and others risk eviction, felony prosecution under Section 1201 of the Digital Millennium Copyright Act and deportation to the countries they fled in fear of their lives.
Radicalized has just been named a finalist in Canada Reads, the Canadian Broadcasting Corporation's national book prize. In honor of the occasion, Ars Technica has published Unauthorized Bread in full.
Ubuntu’s Installer Slideshow Gets a Focal Refresh
Ubuntu’s installer slideshow isn’t something most of us spend an awful lot of time looking at, but for new users it serves an important educational goal. The Ubiquity desktop installer plays a slideshow during the main part of the install process. Each slide highlights a key feature or important function available in Ubuntu (or whichever Ubuntu flavour is being installed). The slideshow has been a staple part of Ubuntu (and many flavours) since it was introduced back in Ubuntu 10.10. For the upcoming release of Ubuntu 20.04 the look of the slideshow will better match the look of Yaru, Ubuntu’s default GTK theme (which recently got a big update of its own).
Linux Mint with Windows 7 Theme
This article explains step by step how to change the GNU/Linux Mint operating system user interface to mimic W7, especially after its official support ended in January 2020. You can practice this tutorial in Cinnamon Edition and you will install 2 types of theme plus 1 original wallpaper here. By this tutorial, I want to help people who find it's easier to migrate to Free Software if their desktop looks like their previous OS. I believe helping them is good and useful. And I hope by publishing this more people will come to help B00merang Project and others alike to develop these themes. I hope your switch from W7 to GNU/Linux goes easier, smoother, and perfect. Enjoy!
