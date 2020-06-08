Security Leftovers
How Misconfigured Containers May Create Cybersecurity Issues For Companies
2 Simple Steps for Securing Your Linux Desktop
When you first connect a freshly installed desktop machine to the Internet, there are several important things to bear in mind. Two obvious considerations of securing a desktop machine include frequently running package updates and configuring a few firewall rules to help keep the bad guys out.
In this article, we’ll look at these two steps from both a desktop perspective and, to provide a bit more context, we’ll also look at what’s going on within the system that’s running the desktop on the command line.
Security updates for Wednesday
Security updates have been issued by Arch Linux (chromium, firefox, gnutls, python-django, thunderbird, tomcat7, tomcat8, and tomcat9), CentOS (unbound), Debian (bluez, firefox-esr, kernel, and linux-4.9), Oracle (kernel), Red Hat (.NET Core, .NET Core 3.1, kernel, kernel-rt, libexif, microcode_ctl, pcs, and virt:rhel), SUSE (gnutls, java-1_7_0-ibm, kernel, microcode_ctl, nodejs10, nodejs8, rubygem-bundler, texlive, texlive-filesystem, thunderbird, and ucode-intel), and Ubuntu (intel-microcode, kernel, libjpeg-turbo, linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux, linux-lts-trusty, and linux-gke-5.0, linux-oem-osp1).
Microsoft Patch Tuesday, June 2020 Edition
Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there are a few vulnerabilities that deserve special attention — particularly for enterprises and employees working remotely.
[...]
Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for a wonky Windows update to hose one’s system or prevent it from booting properly, and some updates even have known to erase or corrupt files. So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.
Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity [iophk: Windows TCO]
On May 26, acting on a tip from Milwaukee, Wisc.-based cybersecurity firm Hold Security, KrebsOnSecurity contacted the office of Florence’s mayor to alert them that a Windows 10 system in their IT environment had been commandeered by a ransomware gang.
Comparing the information shared by Hold Security dark web specialist Yuliana Bellini with the employee directory on the Florence website indicated the username for the computer that attackers had used to gain a foothold in the network on May 6 belonged to the city’s manager of information systems.
My call was transferred to no fewer than three different people, none of whom seemed eager to act on the information. Eventually, I was routed to the non-emergency line for the Florence police department. When that call went straight to voicemail, I left a message and called the city’s emergency response team.
That last effort prompted a gracious return call the following day from a system administrator for the city, who thanked me for the heads up and said he and his colleagues had isolated the computer and Windows network account Hold Security flagged as [cracked].
Python Programming
The Linux Setup – Emma Heffernan, Student
Initially, I always used Linux through virtual machines for capture the flag competitions or minor tasks. While lockdown had us caught up indoors, I decided it was the right time to experiment and develop my command-line skills. While my laptop is primarily Windows, I ended up running Linux Mint 19.3 on my desktop. Since the move, I can see the dust gathering on my laptop! Nothing against Windows or other operating systems, but the reasons I use Linux are for freedom, security, good performance, and high stability.
Shutter Encoder Is A Feature-Packed Audio / Video Transcoder
Shutter Encoder is a free and open source media transcoder for Windows and macOS, which was recently made available for Linux. The tool can convert images, videos and audio files to many formats, burn DVDs, download web videos, and it also incorporates some basic video editing features, like replacing the audio of video files, cutting and cropping videos with a preview, and more. Shutter Encoder uses Java along with various tools under the hood, like 7za, VLC, FFmpeg, ExifTool, MKVMerge (part of MKVToolNix), MediaInfo, DVDAuthor, youtube-dl and more.
Security Leftovers
