Date: 2020-02-03
Security and Proprietary Software
Security updates for Thursday
Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd).
Email politics, security, and why you got an empty newsletter
Roskomnadzor, the Russian telecommunications regulator, is on the warpath against privacy-focused European email service providers. Last week, it ordered Russian internet service providers to block ProtonMail and StartMail.
With a backup MX hosted on an unblocked domain, email servers located in Russia can still deliver emails. Delivery may take longer than normal as the sender’s email server will need to try the blocked servers first and then fall back to the backup MX. This is also good for redundancy in case of service interruptions at Mailbox.
I already have a self-hosted email server used for the blog’s newsletter. I didn’t want to manage two email servers. Instead, I reconfigured the newsletter email service to also act as the backup mail server for my domains.
While I was busy reconfiguring my domains and email server (it only took about ten minutes), news hit about a remote code execution vulnerability in OpenSMTPD. OpenSMTPD is the open-source email server software I’m using. I needed to double-check on something with my configuration and Bing helpfully put the news of the vulnerability at the top of the results.
Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
Last week, FireEye released a report about new attacks exploiting the now patched Citrix ADC vulnerability to install the new Ragnarok Ransomware on vulnerable networks.
When attackers can compromise a Citrix ADC device, various scripts would be downloaded and executed that scan for Windows computers vulnerable to the EternalBlue vulnerability.
If detected, the scripts would attempt to exploit the Windows devices, and if successful, inject a DLL that downloads and installs the Ragnarok ransomware onto the exploited device.
TurboTax and Others Charged at Least 14 Million Americans for Tax Prep That Should Have Been Free, Audit Finds
More than 14 million taxpayers paid for tax prep software last year that they could have gotten for free, according to a scathing audit released Wednesday by the Treasury Inspector General for Tax Administration. That amounts to roughly a billion dollars in revenue for TurboTax maker Intuit, H&R Block and other tax software companies, according to a ProPublica analysis of tax prep fees.
The audit, which was launched following ProPublica’s reporting last year, explores why so few taxpayers use the Free File program, a public-private partnership between the IRS and companies such as Intuit and H&R Block. Among the reasons, the audit found: the confusing design and complexity of the program and persistently lax oversight by the IRS.
Sylabs is Pleased to Announce the Release of SingularityPRO 3.5
Based on the open source 3.5.2 release, SingularityPRO will receive security and bug fixes for 3 years, making it an ideal solution for the business-driven needs of enterprise customers containerizing their compute workloads.
