Security Leftovers
Date: 2020-05-01
Open-source Android mobile platform Lineage OS hacked
In another incident of online breach, hackers gained illegal access to the open-source operating system for smartphones Lineage OS. The online intrusion was confirmed by the company. As per the company, the OS was hacked on Saturday last week around 8 pm US Pacific coast. It said that the hack was detected on time and that the attack did no harm to the source code of the operating system. Builds and signing keys too remain intact, it added.
According to the Lineage OS developers, the attackers used an unpatched vulnerability to breach its Salt installation. Salt is again an open-sourced framework offered by SaltStack. It is usually deployed to manage and automate servers inside data centres, cloud server setups, or internal networks. Cybersecurity firm F-Secure recently revealed two major vulnerabilities in the Salt framework. These included CVE-2020-11651, which is an authentication bypass, and CVE-2020-11652, a directory traversal. Both these vulnerabilities together could allow the hackers to bypass login authentication and run code to leave the servers of Salt master exposed on the internet, the cybersecurity firm warned.
Hackers break into open-source Android mobile platform LineageOS
Vulnerabilities in the Open-source and commercial Salt management framework
On April 30, F-Secure Labs published an advisory for two vulnerabilities (CVE-2020-11651 and CVE-2020-11652) in the open-source and commercial Salt management framework, which is used in data centers and cloud environments as a configuration, monitoring, and update tool.
Canonical Outs New Ubuntu Linux Kernel Live Patch to Address 3 Flaws
Canonical has released a new Linux kernel live patch for some of its supported Ubuntu releases and official derivatives to address three security vulnerabilities discovered in the virtual terminal.
Available for Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM, the new kernel live patch includes fixes for three security issues discovered in Linux kernel’s virtual terminal (VT) implementation.
Are Xiaomi browsers spyware? Yes, they are...
In case you missed it, there was a Forbes article on Mi Browser Pro and Mint Browser which are preinstalled on Xiaomi phones. The article accuses Xiaomi of exfiltrating a history of all visited websites. Xiaomi on the other hand accuses Forbes of misrepresenting the facts. They claim that the data collection is following best practices, the data itself being aggregated and anonymized, without any connection to user’s identity.
Open Hardware/Modding: Raspberry Pi Zero W, OpenFlexure Microscope, Bill Dally's Ventilators
OpenRazer 2.8 Brings Broader Razer Device Support On Linux
OpenRazer 2.8 as this third-party, open-source solution for managing Razer devices on Linux is capable of now interfacing with a lot more hardware. Now supported with OpenRazer 2.8 are the Abyssus Elite (D.Va Edition), Abyssus Essential, Base Station Chroma, Basilisk, Blackwidow Essential, Blade 15 Studio Edition, Blade Pro (Late 2019), Blade Pro 2019, Chroma HDK (Hardware Development Kit), DeathAdder Essential (White Edition), DeathAdder V2, Huntsman Tournament Edition, Lancehead, Lancehead Wireless (2019), Mamba Elite, Mamba Wireless, Nommo Chroma, Nommo Pro, Tartarus V2, Viper, and Viper Ultimate.
