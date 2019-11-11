Language Selection

Security: Patches, QNAP NAS, SELinux and G Suite

Security

  • Security updates for Monday

    Security updates have been issued by Debian (e2fsprogs, ffmpeg, milkytracker, mupdf, openjdk-11, and qemu), Fedora (bashtop), Gentoo (ant, arpwatch, awstats, cacti, chromium, curl, dbus, djvu, filezilla, firefox, freexl, fuseiso, fwupd, glib-networking, haml, hylafaxplus, icinga, jhead, lha, libexif, libreswan, netqmail, nss, ntfs3g, ntp, ocaml, okular, ossec-hids, qtgui, qtnetwork, re2c, reportlab, samba, sarg, sqlite, thunderbird, transmission, tre, twisted, webkit-gtk, wireshark, and xen), openSUSE (cacti, cacti-spine, chromium, freerdp, go1.13, kernel, knot, libraw, LibVNCServer, perl-YAML-LibYAML, salt, tomcat, vino, and webkit2gtk3), and SUSE (mailman, rubygem-excon, rust, rust-cbindgen, samba, and tomcat).

  • Potential Legacy Risk from Malware Targeting QNAP NAS Devices

    This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

    CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.

    All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

    This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice.

  • You can skip the virtual machine: Using SELinux with containers to help secure cloud native 5G

    Many communication service providers (CSPs) are looking at shifting to containers and a cloud native architecture, but have concerns about security. In this post, we'll explain why you don't need virtual machines to offer the security features the telecommunications market needs.

    [...]

    The solution to the security problem for telecom and other markets is SELinux. This set of changes for the Linux kernel originally came right from the National Security Agency (NSA) itself and it is standard with Red Hat CoreOS and RHEL. CoreOS is specifically a hardened version of Linux perfect for support of containerized applications.

  • Logging into a Linux System with G Suite Password

    With many organizations relying on G Suite™ as their core productivity suite, IT administrators wonder whether their users can log into their systems using their G Suite passwords Specifically, for those interested in automating their Linux® management, the possibility of logging into a Linux system with a G Suite password could help save time and money.

Games: ReplaySorcery, GOG, Synergia, and ScourgeBringer

  • ReplaySorcery is an open source instant-replay solution for Linux

    Need a project to easily capture the last 30 seconds of action? ReplaySorcery might just be the open source project that you're looking for. Unfortunately, on Linux the GPU vendors like AMD and NVIDIA do not provide their special tools like ShadowPlay or ReLive. On Windows, those can give you simple to use and high quality instant-replay recording. On Linux, you could use OBS Studio but it's a bit overkill, needs it to always be open and always recording. This is where ReplaySorcery comes in, giving you a new way to capture the action.

  • GOG have a 'Grand RPG Sale' going on with tons of good games going cheap

    DRM-free store GOG have today launched a Grand RPG Sale and they've filled their store full of sales on some top RPGs, from smaller indie titles to big hitters.

  • Synergia is a vibrant cyberpunk visual novel that stands out and it's available now

    Admittedly, the Visual Novel genre is not one I go to often but I couldn't resist with Synergia because of the incredible atmosphere and wonderful design work that went into it. Note: key provided by the publisher. "Synergia is a yuri thriller visual novel that takes place in a cyberpunk future, wrapped up in a beautifully unique, vibrant neon aesthetic. At the end of the world, sometimes love is the ultimate crime." Radi Art and Top Hat Studios have crafted something that gives off a definite Ghost in the Shell vibe, the Anime versions I mean, not the questionable 2017 movie. Synergia is genuinely quite a surprise! You're greeted first by a pumping intro with music that sounds like it's something out of Blade Runner and it certainly commands your attention. That demanding atmosphere carries through the game too, it's quite something.

  • The 'Old World' update for ScourgeBringer adds a whole new realm

    From the developers of NeuroVoider which also supports Linux, ScourgeBringer is a fast-paced free-moving roguelite platformer that's seriously fun and it's had a huge upgrade. Currently in Early Access, this is part of a series of planned big upgrades that they've successfully delivered from their roadmap. The focus of the 'Old World' update appears to be boosting the overall content with it adding in a whole new realm to battle through with its own unique enemies, a mini-boss and a main boss. There's also now challenge rooms and an alternate mini-boss for the first world too. They've also gone and tweaked the difficulty, as some rooms will alternate between easier or harder enemy waves to make the difficulity of the game a little more progressive.

10 Years of OpenStack – Alan Clark at SUSE

Happy 10 years of OpenStack! Millions of cores, 100,000 community members, 10 years of you. Storytelling is one of the most powerful means to influence, teach, and inspire the people around us. To celebrate OpenStack’s 10th anniversary, we are spotlighting stories from the individuals in various roles from the community who have helped to make OpenStack and the global Open Infrastructure community successful. Read more

